
laptop laggg (win 10)


  • This topic is locked
55 replies to this topic

#1 arvynet


Posted 15 November 2016 - 06:03 PM

hello problem solvers :) i have posted today in a different forum and was told by the person helping me there i should post here to see if my computer isn't infested first.

link to other thread: http://www.bleepingcomputer.com/forums/t/632307/help-with-on-going-problem-slowww-win-10/

 

description of my problem (repost from other thread)

 

Hello to all, this is my first post in this forum. (2nd thread :))

I have a gateway nv series laptop, it is probably 6 or 7 years old, up until last week i have not had any major issue with it. 

the computer originally came with windows 7 but i have updated to windows 10

 

last week i turned on the computer and it has started running really slow

getting stuck

lagging
giving me BSODs

updates fail to install

 

when i turn on task manager the memory and disk usage sometimes reach 100%

it seems that the antimalware executable was doing the damage so i turned it off and it does not take as much cpu, but from time to time still reaches the top of cpu usage list, but the computer is still in the same condition and cpu usage is still very high (100%) but now it seems that service host local system (network restricted) is the program that takes a ton of cpu memory. 

overall it seems that cpu usage is super high, i don't remember that being the case before windows 10 upgrade

the BSODs that i remember getting:

kmode exception not handled

verifier issue (i was trying to run verifier to figure out if it was a driver issue)

i don't remember the third one..

 

when i run the computer in safe mode there doesn't seem to be lag

 

i will attach a screen shot of the task manager with cpu usage of 100%

plus i will attach a screen shot of the failed to install updates

 

I greatly appreciate whoever is reading this and even more so whoever can help me solve my problem.

 

Thanks in advance

Arvynet



#2 HelpBot


Posted 20 November 2016 - 06:05 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/632318 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new FRST log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download FRST by Farbar from the following link if you no longer have it available and save it to your desktop.

    FRST Download Link

  • When you go to the above page, there will be 32-bit and 64-bit downloads available. Please click on the appropriate one for your version of Windows. If you are unsure as to whether your Windows is 32-bit or 64-bit, please see this tutorial.
  • Double click on the FRST icon and allow it to run.
  • Agree to the usage agreement and FRST will open. Do not make any changes and click on the Scan button.
  • Notepad will open with the results.
  • Post the new logs as explained in the prep guide.
  • Close the program window, and delete the program from your desktop.


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 arvynet


Posted 21 November 2016 - 04:29 AM

windows 10 64 bit 
here are the logs from farbar app
i have managed to manually install all missing updates since last posting

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 20-11-2016 01
Ran by arvis (administrator) on ARVIS-PC (21-11-2016 02:35:42)
Running from C:\Users\arvis\Downloads
Loaded Profiles: arvis (Available Profiles: arvis & Guest & DefaultAppPool)
Platform: Windows 10 Home Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Visual Studio 11.0\Common7\IDE\LabAgentService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Visual Studio 11.0\Common7\IDE\LabNetworkAgentService.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Visual Studio 11.0\Common7\IDE\QTController.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgent.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgentUserBroker.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.9.251.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Corporation) C:\Windows\System32\AtBroker.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [8312352 2009-10-28] (Realtek Semiconductor)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [Apoint] => C:\Program Files\Apoint2K\Apoint.exe [295936 2009-05-21] (Alps Electric Co., Ltd.)
HKLM\...\Run: [IAAnotif] => C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-04] (Intel Corporation)
HKLM\...\Run: [PLFSetI] => C:\Windows\PLFSetI.exe [200704 2009-11-20] ()
HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe [823840 2009-09-30] (Acer Incorporated)
HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [323072 2009-07-22] (AlcorMicro Co., Ltd.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3952800 2015-10-11] (Synaptics Incorporated)
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2016-09-27] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [35760 2011-01-31] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [BackupManagerTray] => C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe [244480 2009-09-24] (NewTech Infosystems, Inc.)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [ROC_roc_ssl_v12] => "C:\Program Files (x86)\AVG Secure Search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\S-1-5-21-4037827805-714374717-3792867422-1001\...\Run: [Speech Recognition] => C:\Windows\Speech\Common\sapisvr.exe [44544 2016-07-16] (Microsoft Corporation)
HKU\S-1-5-21-4037827805-714374717-3792867422-1001\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2009-11-05] (Google Inc.)
HKU\S-1-5-21-4037827805-714374717-3792867422-1001\...\Run: [Google Update] => C:\Users\arvis\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-08-27] (Google Inc.)
HKU\S-1-5-21-4037827805-714374717-3792867422-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [28785792 2015-06-02] (Skype Technologies S.A.)
HKU\S-1-5-21-4037827805-714374717-3792867422-1001\...\Run: [Google Photos Backup] => C:\Users\arvis\AppData\Local\Programs\Google\Google Photos Backup\Google Photos Backup.exe [3790936 2016-04-08] (Google, Inc)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled [2016-09-27] ()
Startup: C:\Users\arvis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled [2016-09-27] ()
Startup: C:\Users\arvis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk [2014-06-05]
ShortcutTarget: Facebook Messenger.lnk -> C:\Users\arvis\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe (Facebook)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{931bf2c5-1539-47c8-8121-56a4c57d3179}: [DhcpNameServer] 192.168.1.254

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=56626&homepage=hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=nv59&r=27360510l2b6l0310z1i5a4971y338
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-21-4037827805-714374717-3792867422-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-4037827805-714374717-3792867422-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=nv59&r=27360510l2b6l0310z1i5a4971y338
SearchScopes: HKLM-x32 -> DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACGW
SearchScopes: HKLM-x32 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACGW
SearchScopes: HKU\S-1-5-21-4037827805-714374717-3792867422-1001 -> {479B705B-B071-4909-8518-68942DEB13D8} URL = hxxp://flvtubesearch.co/?tmp=toolbar_FlvTube_results&prt=flvtubetb01ie&Keywords={searchTerms}&clid=4e29a09ea24e4e16aed3f2e630249d20
SearchScopes: HKU\S-1-5-21-4037827805-714374717-3792867422-1001 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACGW_enUS380
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-05-16] (Google Inc.)
BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-05-16] (Google Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-05-16] (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-05-16] (Google Inc.)
Toolbar: HKU\S-1-5-21-4037827805-714374717-3792867422-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-05-16] (Google Inc.)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2010-11-22] (Skype Technologies S.A.)

FireFox:
========
FF DefaultProfile: 1tob7uot.default-1444171405470
FF ProfilePath: C:\Users\arvis\AppData\Roaming\Mozilla\Firefox\Profiles\1tob7uot.default-1444171405470 [2016-08-20]
FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video
FF Extension: (DivX Plus Web Player HTML5 &video&) - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video [2011-04-14] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{6904342A-8307-11DF-A508-4AE2DFD72085}] - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa
FF Extension: (DivX HiQ) - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa [2011-04-14] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_23_0_0_185.dll [2016-10-13] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWoW64\Macromed\Flash\NPSWF32_23_0_0_185.dll [2016-10-13] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2011-06-07] ()
FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll [2011-02-07] (DivX, LLC)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2011-01-24] (DivX, LLC.)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2014-01-06] (Google, Inc.)
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll [2011-05-04] (Sun Microsystems, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2009-07-10] (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-08-02] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-08-02] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2012-10-15] (VideoLAN)
FF Plugin HKU\S-1-5-21-4037827805-714374717-3792867422-1001: @talk.google.com/GoogleTalkPlugin -> C:\Users\arvis\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-4037827805-714374717-3792867422-1001: @talk.google.com/O1DPlugin -> C:\Users\arvis\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-4037827805-714374717-3792867422-1001: @tools.google.com/Google Update;version=3 -> C:\Users\arvis\AppData\Local\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-08-02] (Google Inc.)
FF Plugin HKU\S-1-5-21-4037827805-714374717-3792867422-1001: @tools.google.com/Google Update;version=9 -> C:\Users\arvis\AppData\Local\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-08-02] (Google Inc.)
FF Plugin HKU\S-1-5-21-4037827805-714374717-3792867422-1001: facebook.com/fbDesktopPlugin -> C:\Users\arvis\AppData\Local\Facebook\Messenger\2.1.4814.0\npFbDesktopPlugin.dll [2013-03-07] (Facebook, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\arvis\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\arvis\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-12-08] (Google)

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\arvis\AppData\Local\Google\Chrome\User Data\Default [2016-11-21]
CHR Extension: (Google Slides) - C:\Users\arvis\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-03-04]
CHR Extension: (Google Docs) - C:\Users\arvis\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-03-04]
CHR Extension: (Google Drive) - C:\Users\arvis\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-03-04]
CHR Extension: (YouTube) - C:\Users\arvis\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-03-04]
CHR Extension: (Google Search) - C:\Users\arvis\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-03-04]
CHR Extension: (DivX HiQ) - C:\Users\arvis\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnjbmmemklcjgepojigaapkoodmkgbae [2016-03-04]
CHR Extension: (Google Docs Offline) - C:\Users\arvis\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15]
CHR Extension: (AdBlock) - C:\Users\arvis\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-11-09]
CHR Extension: (Chrome Web Store Payments) - C:\Users\arvis\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-11]
CHR Extension: (DivX Plus Web Player HTML5 <video>) - C:\Users\arvis\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm [2016-03-04]
CHR Extension: (Gmail) - C:\Users\arvis\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-03-04]
CHR Extension: (Chrome Media Router) - C:\Users\arvis\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-11-07]
CHR HKLM-x32\...\Chrome\Extension: [fnjbmmemklcjgepojigaapkoodmkgbae] - C:\Program Files (x86)\DivX\DivX Plus Web Player\google_chrome\wpa\wpa.crx [2011-02-07]
CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files (x86)\DivX\DivX Plus Web Player\google_chrome\html5video\html5video.crx [2011-02-07]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 CronService; C:\Prey\platform\windows\cronsvc.exe [23552 2014-01-26] (Fork Ltd.) [File not signed]
S3 fussvc; C:\Program Files (x86)\Windows Kits\8.0\App Certification Kit\fussvc.exe [139776 2012-07-25] (Microsoft Corporation) [File not signed]
R2 LabAgentService; C:\Program Files\Microsoft Visual Studio 11.0\Common7\IDE\LabAgentService.exe [144280 2012-05-21] (Microsoft Corporation)
R2 LabNetworkAgentService; C:\Program Files\Microsoft Visual Studio 11.0\Common7\IDE\LabNetworkAgentService.exe [570288 2012-05-21] (Microsoft Corporation)
S4 MonectServerService; C:\Program Files (x86)\PC Remote Receiver\MonectServerService.exe [83456 2016-07-20] (Monect) [File not signed]
S4 rtpMIDIService; C:\Program Files (x86)\Tobias Erichsen\rtpMIDI\rtpMIDISvc.exe [1131008 2011-07-01] (Tobias Erichsen) [File not signed]
S4 ss_conn_service; C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [747800 2015-12-14] (DEVGURU Co., LTD.)
S4 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [247968 2015-10-11] (Synaptics Incorporated)
S3 Te.Service; C:\Program Files (x86)\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe [126976 2012-07-25] (Microsoft Corporation) [File not signed]
S2 VSTTAgent; C:\Program Files (x86)\Microsoft Visual Studio 11.0\Common7\IDE\QTAgentService.exe [114064 2012-05-21] (Microsoft Corporation)
R2 VSTTController; C:\Program Files (x86)\Microsoft Visual Studio 11.0\Common7\IDE\QTController.exe [51592 2012-05-21] (Microsoft Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
S4 WysePocketCloud; C:\Program Files (x86)\Wyse\PocketCloud Windows Companion\PocketCloudService.exe [109056 2011-10-03] () [File not signed]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 automap; C:\WINDOWS\system32\DRIVERS\automap.sys [18776 2012-04-19] (Focusrite Audio Engineering Limited)
R3 bomebus; C:\WINDOWS\System32\drivers\bomebus.sys [34376 2010-10-13] (Bome Software)
R3 bomemidi; C:\WINDOWS\system32\drivers\bomemidi.sys [30792 2010-10-13] (Bome Software)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.)
R3 iDispService; C:\WINDOWS\system32\DRIVERS\idisplayminiport.sys [14248 2012-08-31] (SHAPE Services)
S3 LVPr2M64; C:\WINDOWS\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] ()
S3 LVPr2Mon; C:\WINDOWS\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] ()
R3 monectdevices; C:\WINDOWS\System32\drivers\monectdevices.sys [15768 2013-12-03] ()
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
S3 NvnUsbAudio; C:\WINDOWS\system32\DRIVERS\nvnusbaudio.sys [53080 2011-10-05] (Novation DMS Ltd.)
S1 SFilter; C:\WINDOWS\System32\DRIVERS\netne6.sys [106944 2012-01-27] (Microsoft Corporation)
R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [44192 2015-10-11] (Synaptics Incorporated)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics Co., Ltd.)
R3 teVirtualMIDI64; C:\WINDOWS\system32\DRIVERS\teVirtualMIDI64.sys [28160 2011-06-26] (Tobias Erichsen)
R2 TurboB; C:\WINDOWS\System32\DRIVERS\TurboB.sys [13784 2009-11-02] ()
S3 VSPerfDrv110; C:\Program Files (x86)\Microsoft Visual Studio 11.0\Team Tools\Performance Tools\x64\VSPerfDrv110.sys [70264 2012-07-13] (Microsoft Corporation)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
U3 idsvc; no ImagePath
U3 WMPNetworkSvc; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-11-21 02:43 - 2016-11-21 02:44 - 00158720 _____ (Sysnative) C:\Users\arvis\Downloads\SysnativeBSODCollectionApp.exe
2016-11-21 02:28 - 2016-11-21 02:35 - 00021728 _____ C:\Users\arvis\Downloads\FRST.txt
2016-11-21 02:27 - 2016-11-21 02:28 - 00000000 ____D C:\FRST
2016-11-21 02:24 - 2016-11-21 02:25 - 02412544 _____ (Farbar) C:\Users\arvis\Downloads\FRST64.exe
2016-11-16 06:02 - 2016-11-02 06:01 - 00315744 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2016-11-16 06:02 - 2016-11-02 05:12 - 00376672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2016-11-16 06:02 - 2016-11-02 05:01 - 00545936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2016-11-16 06:02 - 2016-11-02 04:49 - 00037376 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2016-11-16 06:02 - 2016-11-02 04:46 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininetlui.dll
2016-11-16 06:02 - 2016-11-02 04:31 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSpkg.dll
2016-11-16 06:02 - 2016-11-02 04:28 - 00432128 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpAXHolder.dll
2016-11-16 06:02 - 2016-11-02 04:26 - 00579072 _____ (Microsoft Corporation) C:\WINDOWS\system32\ddraw.dll
2016-11-16 06:02 - 2016-11-02 04:19 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\system32\asycfilt.dll
2016-11-16 06:01 - 2016-11-02 05:13 - 00773720 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2016-11-16 06:01 - 2016-11-02 04:31 - 00226304 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcTok.exe
2016-11-16 06:01 - 2016-11-02 04:30 - 00109056 _____ (Microsoft Corporation) C:\WINDOWS\system32\dab.dll
2016-11-16 06:01 - 2016-11-02 04:30 - 00058880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Shell.Search.UriHandler.dll
2016-11-16 06:01 - 2016-11-02 04:28 - 00252928 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll
2016-11-16 06:01 - 2016-11-02 04:28 - 00109568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\chartv.dll
2016-11-16 06:01 - 2016-11-02 04:23 - 00101888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bowser.sys
2016-11-16 06:01 - 2016-11-02 04:22 - 00369664 _____ (Microsoft Corporation) C:\WINDOWS\system32\msinfo32.exe
2016-11-16 06:01 - 2016-11-02 04:18 - 00836608 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcRefreshTask.dll
2016-11-16 06:01 - 2016-11-02 02:20 - 00446896 _____ C:\WINDOWS\system32\ApnDatabase.xml
2016-11-16 06:00 - 2016-11-02 05:05 - 00959112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2016-11-16 06:00 - 2016-11-02 05:02 - 00238056 _____ (Microsoft Corporation) C:\WINDOWS\system32\weretw.dll
2016-11-16 06:00 - 2016-11-02 05:00 - 01274712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2016-11-16 06:00 - 2016-11-02 04:47 - 00047104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Shell.Search.UriHandler.dll
2016-11-16 06:00 - 2016-11-02 04:29 - 00884224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2016-11-16 06:00 - 2016-11-02 04:29 - 00336896 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkBindingEngineMigPlugin.dll
2016-11-16 06:00 - 2016-11-02 04:29 - 00122368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NPSM.dll
2016-11-16 06:00 - 2016-11-02 04:28 - 00566784 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActionCenterCPL.dll
2016-11-16 06:00 - 2016-11-02 04:26 - 00278016 _____ (Microsoft Corporation) C:\WINDOWS\system32\netplwiz.dll
2016-11-16 06:00 - 2016-11-02 04:16 - 01359360 _____ (Microsoft Corporation) C:\WINDOWS\system32\usercpl.dll
2016-11-16 06:00 - 2016-11-02 04:16 - 00308736 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActionCenter.dll
2016-11-16 05:59 - 2016-11-02 05:10 - 02323728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
2016-11-16 05:59 - 2016-11-02 05:09 - 02257104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2016-11-16 05:59 - 2016-11-02 05:08 - 00576408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2016-11-16 05:59 - 2016-11-02 05:08 - 00186424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\weretw.dll
2016-11-16 05:59 - 2016-11-02 05:02 - 00682816 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2016-11-16 05:59 - 2016-11-02 05:01 - 01263856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2016-11-16 05:59 - 2016-11-02 04:39 - 00348672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\zipfldr.dll
2016-11-16 05:59 - 2016-11-02 04:28 - 04423680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2016-11-16 05:59 - 2016-11-02 04:27 - 01388544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Cred.dll
2016-11-16 05:59 - 2016-11-02 04:26 - 00712192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Search.dll
2016-11-16 05:59 - 2016-11-02 04:17 - 00909824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll
2016-11-16 05:54 - 2016-11-02 04:50 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LaunchWinApp.exe
2016-11-16 05:54 - 2016-11-02 04:27 - 00545792 _____ (Microsoft Corporation) C:\WINDOWS\system32\timedate.cpl
2016-11-16 05:54 - 2016-11-02 04:19 - 00130560 _____ (Microsoft Corporation) C:\WINDOWS\system32\chartv.dll
2016-11-16 05:53 - 2016-11-02 05:12 - 00341344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2016-11-16 05:53 - 2016-11-02 05:05 - 00951904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2016-11-16 05:53 - 2016-11-02 04:42 - 00506880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DevicePairing.dll
2016-11-16 05:53 - 2016-11-02 04:32 - 00040448 _____ (Microsoft Corporation) C:\WINDOWS\system32\efsext.dll
2016-11-16 05:53 - 2016-11-02 04:28 - 00274432 _____ (Microsoft Corporation) C:\WINDOWS\system32\ListSvc.dll
2016-11-16 05:53 - 2016-11-02 04:26 - 00358912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\stobject.dll
2016-11-16 05:52 - 2016-11-02 06:01 - 00484584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2016-11-16 05:52 - 2016-11-02 05:03 - 00714592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2016-11-16 05:52 - 2016-11-02 04:49 - 00147968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32k.sys
2016-11-16 05:52 - 2016-11-02 04:44 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AuthExt.dll
2016-11-16 05:52 - 2016-11-02 04:25 - 02998272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2016-11-16 05:52 - 2016-11-02 04:15 - 00483328 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.dll
2016-11-16 05:51 - 2016-11-02 04:42 - 00632832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sud.dll
2016-11-16 05:51 - 2016-11-02 04:40 - 00896512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontext.dll
2016-11-16 05:51 - 2016-11-02 04:38 - 00760832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appwiz.cpl
2016-11-16 05:51 - 2016-11-02 04:33 - 00082432 _____ (Microsoft Corporation) C:\WINDOWS\system32\VSD3DWARP12Debug.dll
2016-11-16 05:51 - 2016-11-02 04:30 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\system32\VSD3DWARPDebug.dll
2016-11-16 05:51 - 2016-11-02 04:28 - 00324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.LockScreen.dll
2016-11-16 05:51 - 2016-11-02 04:27 - 00580608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hgcpl.dll
2016-11-16 05:51 - 2016-11-02 04:26 - 02747392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpcore.dll
2016-11-16 05:51 - 2016-11-02 04:26 - 02484736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gameux.dll
2016-11-16 05:51 - 2016-11-02 04:26 - 00912896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comdlg32.dll
2016-11-16 05:51 - 2016-11-02 04:19 - 06582784 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d12warp.dll
2016-11-16 05:51 - 2016-11-02 04:18 - 00991232 _____ (Microsoft Corporation) C:\WINDOWS\system32\comdlg32.dll
2016-11-16 05:51 - 2016-11-02 04:17 - 01282048 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2016-11-16 05:51 - 2016-11-02 04:16 - 03133440 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcore.dll
2016-11-16 05:50 - 2016-11-02 05:22 - 01570672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2016-11-16 05:50 - 2016-11-02 05:00 - 08156080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2016-11-16 05:50 - 2016-11-02 04:27 - 00422400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.dll
2016-11-16 05:50 - 2016-11-02 04:16 - 00881664 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2016-11-16 05:49 - 2016-11-02 05:05 - 03892352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2016-11-16 05:49 - 2016-11-02 05:04 - 04312248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2016-11-16 05:49 - 2016-11-02 04:36 - 07626752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2016-11-16 05:49 - 2016-11-02 04:33 - 03307520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2016-11-16 05:49 - 2016-11-02 04:27 - 02458112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\themecpl.dll
2016-11-16 05:49 - 2016-11-02 04:25 - 01556480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
2016-11-16 05:49 - 2016-11-02 04:14 - 01726976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2016-11-16 05:45 - 2016-11-02 04:44 - 00180224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2016-11-16 05:45 - 2016-11-02 04:42 - 00223232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgentUserBroker.exe
2016-11-16 05:44 - 2016-11-02 05:05 - 00405856 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2016-11-16 05:44 - 2016-11-02 04:34 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\LaunchWinApp.exe
2016-11-16 05:44 - 2016-11-02 04:28 - 00115200 _____ (Microsoft Corporation) C:\WINDOWS\system32\IdCtrls.dll
2016-11-16 05:44 - 2016-11-02 04:26 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
2016-11-16 05:44 - 2016-11-02 04:25 - 00496128 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.UserAccountsHandlers.dll
2016-11-16 05:44 - 2016-11-02 04:22 - 00337920 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2016-11-16 05:44 - 2016-11-02 04:19 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\NPSM.dll
2016-11-16 05:43 - 2016-11-02 05:20 - 00590960 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2016-11-16 05:43 - 2016-11-02 05:13 - 01883784 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2016-11-16 05:43 - 2016-11-02 05:12 - 02255712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2016-11-16 05:43 - 2016-11-02 05:00 - 00534096 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2016-11-16 05:43 - 2016-11-02 04:49 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VSD3DWARP12Debug.dll
2016-11-16 05:43 - 2016-11-02 04:46 - 00060928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VSD3DWARPDebug.dll
2016-11-16 05:43 - 2016-11-02 04:31 - 01228288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usercpl.dll
2016-11-16 05:43 - 2016-11-02 04:31 - 00097792 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2016-11-16 05:43 - 2016-11-02 04:28 - 00411136 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCenter.dll
2016-11-16 05:43 - 2016-11-02 04:28 - 00240640 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkDesktopSettings.dll
2016-11-16 05:43 - 2016-11-02 04:27 - 00631296 _____ (Microsoft Corporation) C:\WINDOWS\system32\WlanMediaManager.dll
2016-11-16 05:43 - 2016-11-02 04:27 - 00495104 _____ (Microsoft Corporation) C:\WINDOWS\system32\DataSenseHandlers.dll
2016-11-16 05:43 - 2016-11-02 04:23 - 02104320 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
2016-11-16 05:43 - 2016-11-02 04:21 - 00942080 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2016-11-16 05:43 - 2016-11-02 04:19 - 00981504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.OnlineId.dll
2016-11-16 05:42 - 2016-11-02 05:05 - 06657176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2016-11-16 05:42 - 2016-11-02 04:59 - 04673304 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2016-11-16 05:42 - 2016-11-02 04:43 - 00557568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
2016-11-16 05:42 - 2016-11-02 04:30 - 09131008 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2016-11-16 05:42 - 2016-11-02 04:30 - 04977664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d12warp.dll
2016-11-16 05:42 - 2016-11-02 04:30 - 00567296 _____ (Microsoft Corporation) C:\WINDOWS\system32\DevicePairing.dll
2016-11-16 05:42 - 2016-11-02 04:29 - 07469056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2016-11-16 05:42 - 2016-11-02 04:26 - 00388608 _____ (Microsoft Corporation) C:\WINDOWS\system32\zipfldr.dll
2016-11-16 05:42 - 2016-11-02 04:25 - 00655872 _____ (Microsoft Corporation) C:\WINDOWS\system32\sud.dll
2016-11-16 05:42 - 2016-11-02 04:24 - 00940032 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontext.dll
2016-11-16 05:42 - 2016-11-02 04:23 - 03106304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstsc.exe
2016-11-16 05:42 - 2016-11-02 04:22 - 04749312 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2016-11-16 05:42 - 2016-11-02 04:17 - 00828416 _____ (Microsoft Corporation) C:\WINDOWS\system32\appwiz.cpl
2016-11-16 05:42 - 2016-11-02 04:17 - 00389632 _____ (Microsoft Corporation) C:\WINDOWS\system32\stobject.dll
2016-11-16 05:42 - 2016-11-02 04:16 - 03400192 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncCenter.dll
2016-11-16 05:42 - 2016-11-02 04:16 - 02512384 _____ (Microsoft Corporation) C:\WINDOWS\system32\themecpl.dll
2016-11-16 05:42 - 2016-11-02 04:16 - 00629248 _____ (Microsoft Corporation) C:\WINDOWS\system32\hgcpl.dll
2016-11-16 05:42 - 2016-11-02 04:15 - 02611200 _____ (Microsoft Corporation) C:\WINDOWS\system32\gameux.dll
2016-11-16 05:38 - 2016-11-02 04:43 - 00270336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2016-11-16 05:38 - 2016-11-02 04:41 - 00635904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2016-11-16 05:38 - 2016-11-02 04:29 - 00276992 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2016-11-16 05:38 - 2016-11-02 04:28 - 00807424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.OnlineId.dll
2016-11-16 05:38 - 2016-11-02 04:18 - 00243712 _____ (Microsoft Corporation) C:\WINDOWS\system32\shdocvw.dll
2016-11-16 05:38 - 2016-08-01 22:30 - 00822784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2016-11-16 05:37 - 2016-11-02 05:22 - 00601712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2016-11-16 05:37 - 2016-11-02 05:00 - 22223968 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-11-16 05:37 - 2016-11-02 04:48 - 00095232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TSpkg.dll
2016-11-16 05:37 - 2016-11-02 04:40 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\indexeddbserver.dll
2016-11-16 05:37 - 2016-11-02 04:31 - 00090624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
2016-11-16 05:37 - 2016-11-02 04:30 - 00321536 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2016-11-16 05:37 - 2016-11-02 04:28 - 00279552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.HumanInterfaceDevice.dll
2016-11-16 05:37 - 2016-11-02 04:23 - 00072704 _____ (Microsoft Corporation) C:\WINDOWS\system32\ErrorDetailsUpdate.dll
2016-11-16 05:37 - 2016-11-02 04:20 - 00167936 _____ (Microsoft Corporation) C:\WINDOWS\system32\ErrorDetails.dll
2016-11-16 05:37 - 2016-11-02 04:16 - 00770560 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2016-11-16 05:36 - 2016-11-02 05:13 - 00423776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifitask.exe
2016-11-16 05:36 - 2016-11-02 05:01 - 00276832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\input.dll
2016-11-16 05:36 - 2016-11-02 04:48 - 00081408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2016-11-16 05:36 - 2016-11-02 04:43 - 00126464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2016-11-16 05:36 - 2016-11-02 04:42 - 00549376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActionCenterCPL.dll
2016-11-16 05:36 - 2016-11-02 04:36 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ErrorDetailsUpdate.dll
2016-11-16 05:36 - 2016-11-02 04:31 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\system32\BcastDVRHelper.dll
2016-11-16 05:36 - 2016-11-02 04:31 - 00170496 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppCapture.dll
2016-11-16 05:36 - 2016-11-02 04:31 - 00159232 _____ (Microsoft Corporation) C:\WINDOWS\system32\ACPBackgroundManagerPolicy.dll
2016-11-16 05:36 - 2016-11-02 04:29 - 00314880 _____ (Microsoft Corporation) C:\WINDOWS\system32\FSClient.dll
2016-11-16 05:36 - 2016-11-02 04:29 - 00296960 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsensorgroup.dll
2016-11-16 05:36 - 2016-11-02 04:29 - 00139264 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2016-11-16 05:36 - 2016-11-02 04:28 - 00088576 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2016-11-16 05:36 - 2016-11-02 04:27 - 00605184 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe
2016-11-16 05:36 - 2016-11-02 04:27 - 00261632 _____ (Microsoft Corporation) C:\WINDOWS\system32\indexeddbserver.dll
2016-11-16 05:36 - 2016-11-02 04:26 - 01509376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2016-11-16 05:36 - 2016-11-02 04:25 - 00541696 _____ (Microsoft Corporation) C:\WINDOWS\system32\ipnathlp.dll
2016-11-16 05:36 - 2016-11-02 04:23 - 00199680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GlobCollationHost.dll
2016-11-16 05:36 - 2016-11-02 04:19 - 00805888 _____ (Microsoft Corporation) C:\WINDOWS\system32\FrameServer.dll
2016-11-16 05:36 - 2016-11-02 04:17 - 00982528 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2016-11-16 05:36 - 2016-11-02 04:16 - 01637888 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2016-11-16 05:36 - 2016-11-02 04:15 - 00842240 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntshrui.dll
2016-11-16 05:36 - 2016-11-02 04:13 - 00322048 _____ (Microsoft Corporation) C:\WINDOWS\system32\GlobCollationHost.dll
2016-11-16 05:36 - 2016-11-02 03:11 - 00788624 _____ C:\WINDOWS\SysWOW64\locale.nls
2016-11-16 05:36 - 2016-11-02 03:11 - 00788624 _____ C:\WINDOWS\system32\locale.nls
2016-11-16 05:35 - 2016-11-02 05:08 - 00602464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
2016-11-16 05:35 - 2016-11-02 05:08 - 00111968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupApi.dll
2016-11-16 05:35 - 2016-11-02 05:03 - 02750936 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2016-11-16 05:35 - 2016-11-02 05:01 - 01425000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d9.dll
2016-11-16 05:35 - 2016-11-02 05:01 - 01415744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2016-11-16 05:35 - 2016-11-02 04:42 - 00306176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2016-11-16 05:35 - 2016-11-02 04:39 - 00465920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppBroker.dll
2016-11-16 05:35 - 2016-11-02 04:39 - 00236544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAnimation.dll
2016-11-16 05:35 - 2016-11-02 04:38 - 22563840 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-11-16 05:35 - 2016-11-02 04:30 - 00363520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BioFeedback.dll
2016-11-16 05:35 - 2016-11-02 04:30 - 00134144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ErrorDetails.dll
2016-11-16 05:35 - 2016-11-02 04:29 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BlockedShutdown.dll
2016-11-16 05:35 - 2016-11-02 04:28 - 00690176 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2016-11-16 05:35 - 2016-11-02 04:28 - 00079360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\asycfilt.dll
2016-11-16 05:35 - 2016-11-02 04:27 - 23677952 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-11-16 05:35 - 2016-11-02 04:16 - 02669056 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-11-16 05:35 - 2016-11-02 04:16 - 01779712 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-11-16 05:35 - 2016-11-02 04:16 - 00579072 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppBroker.dll
2016-11-16 05:35 - 2016-11-02 04:15 - 01513472 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2016-11-16 05:35 - 2016-11-02 04:15 - 01348608 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
2016-11-16 05:35 - 2016-11-02 04:13 - 03496960 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVidCtl.dll
2016-11-16 05:34 - 2016-11-02 04:37 - 19415040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-11-16 05:34 - 2016-11-02 04:36 - 19415552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-11-16 05:34 - 2016-11-02 04:31 - 03196416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2016-11-16 05:34 - 2016-11-02 04:30 - 12175360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-11-16 05:34 - 2016-11-02 04:29 - 03666432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-11-16 05:34 - 2016-11-02 04:29 - 01247232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Globalization.dll
2016-11-16 05:34 - 2016-11-02 04:28 - 06044160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-11-16 05:34 - 2016-11-02 04:25 - 00956416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2016-11-16 05:34 - 2016-11-02 04:22 - 13081600 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-11-16 05:34 - 2016-11-02 04:21 - 05111296 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2016-11-16 05:34 - 2016-11-02 04:20 - 02273792 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2016-11-16 05:34 - 2016-11-02 04:19 - 08127488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-11-16 05:34 - 2016-11-02 04:19 - 08075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2016-11-16 05:34 - 2016-11-02 04:19 - 01586176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.dll
2016-11-16 05:34 - 2016-11-02 04:18 - 01690112 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2016-11-16 05:34 - 2016-11-02 04:17 - 04746752 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-11-16 05:34 - 2016-11-02 04:16 - 02688512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2016-11-16 05:34 - 2016-11-02 04:15 - 04708864 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2016-11-16 05:34 - 2016-11-02 04:13 - 03299840 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstsc.exe
2016-11-16 05:30 - 2016-11-02 05:02 - 00148832 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll
2016-11-16 05:30 - 2016-11-02 04:31 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininetlui.dll
2016-11-16 05:30 - 2016-11-02 04:28 - 00321024 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkUXBroker.dll
2016-11-16 05:29 - 2016-11-02 05:04 - 00596832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comctl32.dll
2016-11-16 05:29 - 2016-11-02 05:02 - 00848736 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2016-11-16 05:29 - 2016-11-02 05:01 - 00092512 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2016-11-16 05:29 - 2016-11-02 04:56 - 01609920 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d9.dll
2016-11-16 05:29 - 2016-11-02 04:48 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\efsext.dll
2016-11-16 05:29 - 2016-11-02 04:47 - 00156672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BcastDVRHelper.dll
2016-11-16 05:29 - 2016-11-02 04:46 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppCapture.dll
2016-11-16 05:29 - 2016-11-02 04:45 - 00492032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcastdvr.exe
2016-11-16 05:29 - 2016-11-02 04:43 - 00731136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d8.dll
2016-11-16 05:29 - 2016-11-02 04:40 - 00548352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ddraw.dll
2016-11-16 05:29 - 2016-11-02 04:35 - 00336896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msinfo32.exe
2016-11-16 05:29 - 2016-11-02 04:32 - 00045056 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2016-11-16 05:29 - 2016-11-02 04:29 - 00211968 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2016-11-16 05:29 - 2016-11-02 04:28 - 00260608 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgentUserBroker.exe
2016-11-16 05:29 - 2016-11-02 04:26 - 01595392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-11-16 05:29 - 2016-11-02 04:25 - 02256384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-11-16 05:29 - 2016-11-02 04:16 - 00265728 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2016-11-16 05:28 - 2016-11-02 04:56 - 01418312 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2016-11-16 05:28 - 2016-11-02 04:56 - 00322912 _____ (Microsoft Corporation) C:\WINDOWS\system32\input.dll
2016-11-16 05:28 - 2016-11-02 04:55 - 00048992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\iorate.sys
2016-11-16 05:28 - 2016-11-02 04:47 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.BlockedShutdown.dll
2016-11-16 05:28 - 2016-11-02 04:45 - 00253952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.BioFeedback.dll
2016-11-16 05:28 - 2016-11-02 04:45 - 00182784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsensorgroup.dll
2016-11-16 05:28 - 2016-11-02 04:44 - 00231936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.LockScreen.dll
2016-11-16 05:28 - 2016-11-02 04:43 - 00198144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FSClient.dll
2016-11-16 05:28 - 2016-11-02 04:42 - 00866816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Cred.dll
2016-11-16 05:28 - 2016-11-02 04:42 - 00202752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.HumanInterfaceDevice.dll
2016-11-16 05:28 - 2016-11-02 04:34 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\system32\microsoft-windows-system-events.dll
2016-11-16 05:28 - 2016-11-02 04:33 - 00206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2016-11-16 05:28 - 2016-11-02 04:30 - 00635904 _____ (Microsoft Corporation) C:\WINDOWS\system32\FlightSettings.dll
2016-11-16 05:28 - 2016-11-02 04:26 - 01880576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2016-11-16 05:28 - 2016-11-02 04:26 - 00273920 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAnimation.dll
2016-11-16 05:28 - 2016-11-02 04:25 - 00772608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntshrui.dll
2016-11-16 05:28 - 2016-11-02 04:16 - 01490944 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2016-11-16 05:27 - 2016-11-02 05:20 - 00378720 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2016-11-16 05:27 - 2016-11-02 05:15 - 01051112 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2016-11-16 05:27 - 2016-11-02 05:15 - 00894096 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2016-11-16 05:27 - 2016-11-02 05:13 - 01354320 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2016-11-16 05:27 - 2016-11-02 05:13 - 01173496 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2016-11-16 05:27 - 2016-11-02 05:04 - 02678056 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
2016-11-16 05:27 - 2016-11-02 05:00 - 01061968 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2016-11-16 05:27 - 2016-11-02 04:56 - 01572768 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2016-11-16 05:27 - 2016-11-02 04:56 - 00628552 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2016-11-16 05:27 - 2016-11-02 04:28 - 00748544 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2016-11-16 05:27 - 2016-11-02 04:23 - 02356736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVidCtl.dll
2016-11-16 05:27 - 2016-11-02 04:16 - 04148736 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2016-11-16 05:27 - 2016-11-02 04:15 - 03616768 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-11-16 05:26 - 2016-11-02 05:14 - 07816544 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-11-16 05:26 - 2016-11-02 05:05 - 20969928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2016-11-16 05:26 - 2016-11-02 05:00 - 04130432 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2016-11-16 05:26 - 2016-11-02 04:26 - 00798208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2016-11-16 05:26 - 2016-11-02 04:24 - 03778560 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2016-11-16 04:49 - 2016-11-16 05:01 - 07557856 _____ (Microsoft Corporation) C:\Users\arvis\Downloads\windows-kb890830-x64-v5.42-delta_e8ccb75d1f2c4c79e0f928b7a29cfdaa13a8dab3.exe
2016-11-16 04:47 - 2016-11-16 04:47 - 07804940 _____ C:\Users\arvis\Downloads\xlconv-x-none_d733a945370f92dbcf14d1db945a9be175ef86d6.cab
2016-11-15 22:14 - 2016-10-14 21:31 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ahcache.sys
2016-11-15 22:11 - 2016-10-14 22:48 - 00498952 _____ (Microsoft Corporation) C:\WINDOWS\system32\DolbyDecMFT.dll
2016-11-15 22:11 - 2016-10-14 22:26 - 00691080 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
2016-11-15 22:11 - 2016-10-14 21:57 - 00186880 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2016-11-15 22:11 - 2016-10-14 21:54 - 00043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmTasks.dll
2016-11-15 22:11 - 2016-10-14 21:53 - 00147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2016-11-15 22:11 - 2016-10-14 21:43 - 00574976 _____ (Microsoft Corporation) C:\WINDOWS\system32\energy.dll
2016-11-15 22:11 - 2016-10-14 21:41 - 00067584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iscsiwmi.dll
2016-11-15 22:10 - 2016-10-14 22:18 - 00749920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\drvstore.dll
2016-11-15 22:10 - 2016-10-14 22:15 - 01557808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll
2016-11-15 22:10 - 2016-10-14 21:56 - 00095232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BluetoothApis.dll
2016-11-15 22:10 - 2016-10-14 21:50 - 00509440 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Bluetooth.dll
2016-11-15 22:10 - 2016-10-14 21:42 - 00539136 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2016-11-15 22:10 - 2016-08-26 23:12 - 00244816 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2016-11-15 22:09 - 2016-10-14 22:26 - 01990648 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2016-11-15 22:09 - 2016-10-14 22:26 - 01472536 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2016-11-15 22:09 - 2016-10-14 22:26 - 00811416 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFCaptureEngine.dll
2016-11-15 22:09 - 2016-10-14 21:52 - 06285312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2016-11-15 22:09 - 2016-10-14 21:46 - 00471552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.BackgroundMediaPlayback.dll
2016-11-15 22:09 - 2016-10-14 21:44 - 00747008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RemoteNaturalLanguage.dll
2016-11-15 22:09 - 2016-10-14 21:44 - 00470016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Playback.BackgroundMediaPlayer.dll
2016-11-15 22:09 - 2016-10-14 21:42 - 00459776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Playback.MediaPlayer.dll
2016-11-15 22:09 - 2016-10-14 21:36 - 02290176 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2016-11-15 22:08 - 2016-10-14 22:22 - 01461200 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2016-11-15 22:06 - 2016-10-14 21:44 - 00090112 _____ (Microsoft Corporation) C:\WINDOWS\system32\powercfg.exe
2016-11-15 22:06 - 2016-10-14 21:36 - 00081408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cmifw.dll
2016-11-15 22:06 - 2016-10-14 21:35 - 00391168 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2016-11-15 22:06 - 2016-09-10 07:21 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\capimg.sys
2016-11-15 22:05 - 2016-10-14 22:37 - 00063328 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dam.sys
2016-11-15 22:05 - 2016-10-14 22:33 - 00455040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DolbyDecMFT.dll
2016-11-15 22:05 - 2016-10-14 22:00 - 00018432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\stdole2.tlb
2016-11-15 22:05 - 2016-10-14 21:58 - 00258560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\xboxgip.sys
2016-11-15 22:05 - 2016-10-14 21:56 - 00065024 _____ (Microsoft Corporation) C:\WINDOWS\system32\OnDemandConnRouteHelper.dll
2016-11-15 22:05 - 2016-10-14 21:54 - 00217088 _____ (Microsoft Corporation) C:\WINDOWS\system32\DevicePairingFolder.dll
2016-11-15 22:05 - 2016-10-14 21:50 - 00074752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll
2016-11-15 22:05 - 2016-10-14 21:49 - 00187904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscsvc.dll
2016-11-15 22:05 - 2016-10-14 21:47 - 00558080 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnprv.dll
2016-11-15 22:05 - 2016-10-14 21:45 - 00406016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2016-11-15 22:04 - 2016-10-14 21:56 - 00081408 _____ (Microsoft Corporation) C:\WINDOWS\system32\HttpsDataSource.dll
2016-11-15 22:04 - 2016-10-14 21:55 - 00236544 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Flights.dll
2016-11-15 22:04 - 2016-10-14 21:54 - 00717312 _____ (Microsoft Corporation) C:\WINDOWS\system32\taskbarcpl.dll
2016-11-15 22:04 - 2016-10-14 21:52 - 00163328 _____ (Microsoft Corporation) C:\WINDOWS\system32\autoplay.dll
2016-11-15 22:04 - 2016-10-14 21:48 - 01323008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_fs.dll
2016-11-15 22:04 - 2016-10-14 21:47 - 01113600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_health.dll
2016-11-15 22:04 - 2016-10-14 21:36 - 00347136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Display.dll
2016-11-15 22:04 - 2016-10-14 21:36 - 00338944 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhcpl.dll
2016-11-15 22:04 - 2016-10-14 21:35 - 00701952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.Connectivity.dll
2016-11-15 22:03 - 2016-10-14 22:01 - 01631232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2016-11-15 22:03 - 2016-10-14 21:50 - 17188352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2016-11-15 22:03 - 2016-10-14 21:38 - 01993216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2016-11-15 22:03 - 2016-10-14 21:38 - 00913920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.dll
2016-11-15 22:03 - 2016-10-14 21:37 - 01643008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Speech.dll
2016-11-15 22:00 - 2016-10-14 22:51 - 00232800 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2016-11-15 22:00 - 2016-10-14 22:51 - 00137568 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2016-11-15 22:00 - 2016-10-14 22:51 - 00078688 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2016-11-15 22:00 - 2016-10-14 22:38 - 00500064 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll
2016-11-15 22:00 - 2016-10-14 22:30 - 00341936 _____ (Microsoft Corporation) C:\WINDOWS\system32\wintrust.dll
2016-11-15 22:00 - 2016-10-14 22:29 - 00908640 _____ (Microsoft Corporation) C:\WINDOWS\system32\drvstore.dll
2016-11-15 22:00 - 2016-10-14 22:29 - 00079200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\crashdmp.sys
2016-11-15 22:00 - 2016-10-14 22:00 - 01631232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll
2016-11-15 22:00 - 2016-10-14 22:00 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2016-11-15 22:00 - 2016-10-14 21:56 - 00339968 _____ (Microsoft Corporation) C:\WINDOWS\system32\esentutl.exe
2016-11-15 22:00 - 2016-10-14 21:56 - 00306688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\esentutl.exe
2016-11-15 22:00 - 2016-10-14 21:49 - 00032256 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSManHTTPConfig.exe
2016-11-15 22:00 - 2016-10-14 21:43 - 00078336 _____ (Microsoft Corporation) C:\WINDOWS\system32\iscsiwmi.dll
2016-11-15 22:00 - 2016-10-14 21:37 - 00715264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlCore.dll
2016-11-15 22:00 - 2016-10-14 21:37 - 00093184 _____ (Microsoft Corporation) C:\WINDOWS\system32\cmifw.dll
2016-11-15 22:00 - 2016-10-14 21:35 - 00760832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NMAA.dll
2016-11-15 21:59 - 2016-10-14 22:51 - 00584032 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2016-11-15 21:59 - 2016-10-14 22:51 - 00322912 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2016-11-15 21:59 - 2016-10-14 22:30 - 00509280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2016-11-15 21:59 - 2016-10-14 21:59 - 00272384 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfksproxy.dll
2016-11-15 21:59 - 2016-10-14 21:59 - 00187904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfksproxy.dll
2016-11-15 21:59 - 2016-10-14 21:59 - 00130560 _____ (Microsoft Corporation) C:\WINDOWS\splwow64.exe
2016-11-15 21:59 - 2016-10-14 21:50 - 00090112 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll
2016-11-15 21:59 - 2016-10-14 21:39 - 00357376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Geolocation.dll
2016-11-15 21:59 - 2016-10-14 21:38 - 00675840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.dll
2016-11-15 21:59 - 2016-10-14 21:36 - 00542208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.Connectivity.dll
2016-11-15 21:58 - 2016-10-14 22:51 - 02186896 _____ (Microsoft Corporation) C:\WINDOWS\system32\hevcdecoder.dll
2016-11-15 21:58 - 2016-10-14 22:51 - 01637728 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2016-11-15 21:58 - 2016-10-14 22:51 - 01235296 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2016-11-15 21:58 - 2016-10-14 22:51 - 00595296 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2016-11-15 21:58 - 2016-10-14 21:51 - 13868544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2016-11-15 21:58 - 2016-10-14 21:50 - 02716672 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmSvc.dll
2016-11-15 21:58 - 2016-10-14 21:49 - 00838144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JpMapControl.dll
2016-11-15 21:58 - 2016-10-14 21:48 - 01054208 _____ (Microsoft Corporation) C:\WINDOWS\system32\qmgr.dll
2016-11-15 21:58 - 2016-10-14 21:46 - 03287552 _____ (Microsoft Corporation) C:\WINDOWS\system32\mispace.dll
2016-11-15 21:58 - 2016-10-14 21:43 - 02748928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mispace.dll
2016-11-15 21:58 - 2016-10-14 21:42 - 06108672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2016-11-15 21:58 - 2016-10-14 21:41 - 05376000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2016-11-15 21:58 - 2016-10-14 21:39 - 00869888 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2016-11-15 21:58 - 2016-10-14 21:37 - 01980416 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2016-11-15 21:58 - 2016-10-14 21:36 - 00792064 _____ (Microsoft Corporation) C:\WINDOWS\system32\spoolsv.exe
2016-11-15 21:58 - 2016-10-14 21:35 - 03054080 _____ (Microsoft Corporation) C:\WINDOWS\system32\esent.dll
2016-11-15 21:58 - 2016-10-14 21:35 - 02708992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\esent.dll
2016-11-15 21:58 - 2016-10-14 21:35 - 02315264 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-11-15 21:57 - 2016-10-14 21:49 - 01913344 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_fs.dll
2016-11-15 21:57 - 2016-10-14 21:48 - 01554944 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_health.dll
2016-11-15 21:53 - 2016-10-14 21:57 - 00039424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dtdump.exe
2016-11-15 21:53 - 2016-10-14 21:56 - 00193536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.WiFi.dll
2016-11-15 21:53 - 2016-10-14 21:56 - 00120832 _____ (Microsoft Corporation) C:\WINDOWS\system32\BluetoothApis.dll
2016-11-15 21:53 - 2016-10-14 21:54 - 00152064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\autoplay.dll
2016-11-15 21:53 - 2016-10-14 21:52 - 00410624 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdpsvc.dll
2016-11-15 21:53 - 2016-10-14 21:52 - 00339456 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdpusersvc.dll
2016-11-15 21:53 - 2016-10-14 21:52 - 00288256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\systemcpl.dll
2016-11-15 21:53 - 2016-10-14 21:51 - 00429568 _____ (Microsoft Corporation) C:\WINDOWS\system32\SndVolSSO.dll
2016-11-15 21:53 - 2016-10-14 21:49 - 00111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAppInstaller.exe
2016-11-15 21:53 - 2016-10-14 21:49 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSManHTTPConfig.exe
2016-11-15 21:53 - 2016-10-14 21:36 - 00673792 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2016-11-15 21:52 - 2016-10-14 22:51 - 00283488 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2016-11-15 21:52 - 2016-10-14 21:50 - 00310272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2016-11-15 21:52 - 2016-10-14 21:39 - 04474368 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2016-11-15 21:52 - 2016-10-14 21:34 - 01840640 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2016-11-15 21:51 - 2016-10-14 22:43 - 01356352 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipUp.exe
2016-11-15 21:51 - 2016-10-14 22:41 - 05622088 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2016-11-15 21:51 - 2016-10-14 22:30 - 01851696 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll
2016-11-15 21:51 - 2016-10-14 22:29 - 01267504 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
2016-11-15 21:51 - 2016-10-14 22:26 - 01600632 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2016-11-15 21:51 - 2016-10-14 22:25 - 00882680 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditionUpgradeManagerObj.dll
2016-11-15 21:51 - 2016-10-14 22:25 - 00742704 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppwinob.dll
2016-11-15 21:51 - 2016-10-14 21:56 - 00098816 _____ (Microsoft Corporation) C:\WINDOWS\system32\BthRadioMedia.dll
2016-11-15 21:51 - 2016-10-14 21:55 - 00329216 _____ (Microsoft Corporation) C:\WINDOWS\system32\wc_storage.dll
2016-11-15 21:51 - 2016-10-14 21:55 - 00265728 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore6.dll
2016-11-15 21:51 - 2016-10-14 21:55 - 00142336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.WiFi.dll
2016-11-15 21:51 - 2016-10-14 21:54 - 00463872 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2016-11-15 21:51 - 2016-10-14 21:54 - 00241152 _____ (Microsoft Corporation) C:\WINDOWS\system32\dafBth.dll
2016-11-15 21:51 - 2016-10-14 21:53 - 00313856 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshostcore.dll
2016-11-15 21:51 - 2016-10-14 21:50 - 02333184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WsmSvc.dll
2016-11-15 21:51 - 2016-10-14 21:50 - 00438784 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDec.dll
2016-11-15 21:51 - 2016-10-14 21:47 - 00720896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.BackgroundMediaPlayback.dll
2016-11-15 21:51 - 2016-10-14 21:46 - 00718848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Playback.BackgroundMediaPlayer.dll
2016-11-15 21:51 - 2016-10-14 21:45 - 00702464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Playback.MediaPlayer.dll
2016-11-15 21:51 - 2016-10-14 21:41 - 00161792 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditionUpgradeHelper.dll
2016-11-15 21:51 - 2016-10-14 21:39 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2016-11-15 21:51 - 2016-10-14 21:35 - 00905216 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll
2016-11-15 21:51 - 2016-10-14 21:34 - 00936448 _____ (Microsoft Corporation) C:\WINDOWS\system32\NMAA.dll
2016-11-15 21:51 - 2016-10-14 21:32 - 00886784 _____ (Microsoft Corporation) C:\WINDOWS\system32\CPFilters.dll
2016-11-15 21:51 - 2016-08-05 22:17 - 00619368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2016-11-15 21:50 - 2016-10-14 22:34 - 01969912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hevcdecoder.dll
2016-11-15 21:50 - 2016-10-14 22:31 - 02827864 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll
2016-11-15 21:50 - 2016-10-14 22:29 - 02913104 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2016-11-15 21:50 - 2016-10-14 22:06 - 05685760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2016-11-15 21:50 - 2016-10-14 22:05 - 07216640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2016-11-15 21:50 - 2016-10-14 21:47 - 07792640 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2016-11-15 21:50 - 2016-10-14 21:47 - 02211328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d12SDKLayers.dll
2016-11-15 21:50 - 2016-10-14 21:43 - 01365504 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
2016-11-15 21:50 - 2016-10-14 21:41 - 07654912 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2016-11-15 21:50 - 2016-10-14 21:39 - 01060864 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpMapControl.dll
2016-11-15 21:50 - 2016-10-14 21:39 - 01005568 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3D12.dll
2016-11-15 21:50 - 2016-10-14 21:37 - 01029632 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2016-11-15 21:46 - 2016-10-14 21:52 - 00523776 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2016-11-15 21:46 - 2016-10-14 21:51 - 00226304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcore6.dll
2016-11-15 21:45 - 2016-10-14 22:31 - 00658272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2016-11-15 21:45 - 2016-10-14 22:31 - 00402272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2016-11-15 21:45 - 2016-10-14 22:19 - 00272720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wintrust.dll
2016-11-15 21:45 - 2016-10-14 22:15 - 00687936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
2016-11-15 21:45 - 2016-10-14 21:59 - 00018432 _____ (Microsoft Corporation) C:\WINDOWS\system32\stdole2.tlb
2016-11-15 21:45 - 2016-10-14 21:42 - 00467968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Geolocation.dll
2016-11-15 21:45 - 2016-10-14 21:42 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\powercfg.exe
2016-11-15 21:45 - 2016-10-14 21:39 - 00631296 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationController.dll
2016-11-15 21:45 - 2016-10-14 21:37 - 00709120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CPFilters.dll
2016-11-15 21:44 - 2016-10-14 22:38 - 00409952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
2016-11-15 21:44 - 2016-10-14 22:26 - 00160096 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHostBroker.dll
2016-11-15 21:44 - 2016-10-14 22:18 - 00846560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinTypes.dll
2016-11-15 21:44 - 2016-10-14 21:56 - 00219648 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSrvPolicyManager.dll
2016-11-15 21:44 - 2016-10-14 21:41 - 00945664 _____ (Microsoft Corporation) C:\WINDOWS\system32\iphlpsvc.dll
2016-11-15 21:44 - 2016-10-14 21:37 - 03733504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2016-11-15 21:43 - 2016-10-14 22:31 - 02190688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2016-11-15 21:43 - 2016-10-14 22:30 - 00557408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2016-11-15 21:43 - 2016-10-14 22:29 - 00335712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2016-11-15 21:43 - 2016-10-14 22:26 - 01694712 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2016-11-15 21:43 - 2016-10-14 22:21 - 02537824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2016-11-15 21:43 - 2016-10-14 22:21 - 01100128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2016-11-15 21:43 - 2016-10-14 22:21 - 00584032 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
2016-11-15 21:43 - 2016-10-14 22:20 - 02276736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11.dll
2016-11-15 21:43 - 2016-10-14 22:18 - 02166232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2016-11-15 21:43 - 2016-10-14 22:18 - 01556712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\crypt32.dll
2016-11-15 21:43 - 2016-10-14 22:11 - 01435896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2016-11-15 21:43 - 2016-10-14 21:56 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdd.dll
2016-11-15 21:43 - 2016-10-14 21:55 - 00156672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidclass.sys
2016-11-15 21:43 - 2016-10-14 21:54 - 00410112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SndVolSSO.dll
2016-11-15 21:43 - 2016-10-14 21:44 - 00636928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2016-11-15 21:43 - 2016-10-14 21:39 - 00806400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3D12.dll
2016-11-15 21:43 - 2016-10-14 21:36 - 00983040 _____ (Microsoft Corporation) C:\WINDOWS\system32\RemoteNaturalLanguage.dll
2016-11-15 21:43 - 2016-10-14 21:35 - 02005504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2016-11-15 21:43 - 2016-10-14 21:34 - 02476544 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2016-11-15 21:42 - 2016-10-14 22:15 - 01853776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2016-11-15 21:42 - 2016-10-14 22:15 - 01123368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2016-11-15 21:42 - 2016-10-14 22:00 - 00323584 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2016-11-15 21:42 - 2016-10-14 21:56 - 00327680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2016-11-15 21:42 - 2016-10-14 21:47 - 04612608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2016-11-15 21:42 - 2016-10-14 21:45 - 01790464 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationFramework.dll
2016-11-15 21:42 - 2016-10-14 21:38 - 02781184 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d12SDKLayers.dll
2016-11-15 21:42 - 2016-10-14 21:36 - 01170944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Speech.dll
2016-11-15 19:11 - 2016-11-16 05:15 - 914122918 _____ C:\Users\arvis\Downloads\windows10.0-kb3200970-x64_3fa1daafc46a83ed5d0ecbd0a811e1421b7fad5a.msu
2016-11-15 18:07 - 2016-11-16 04:30 - 817586278 _____ C:\Users\arvis\Downloads\windows10.0-kb3194798-x64_8bc6befc7b3c51f94ae70b8d1d9a249bb4b5e108.msu
2016-11-15 17:38 - 2016-11-15 18:06 - 867575551 _____ C:\Users\arvis\Downloads\windows10.0-kb3197954-x64_74819c01705e7a4d0f978cc0fbd7bed6240642b0.msu
2016-11-12 08:06 - 2016-11-12 08:06 - 00000000 ___HD C:\$SysReset
2016-11-12 06:52 - 2016-11-12 06:54 - 00000000 ____D C:\Users\arvis\Desktop\deskto
2016-11-12 06:51 - 2016-11-12 06:51 - 00000639 _____ C:\Users\arvis\Downloads\WindowsUpdateDiagnostic.diagcab
2016-11-12 06:10 - 2016-11-12 06:10 - 00000000 _____ C:\Users\arvis\AppData\Local\{BCC25275-CC29-41DD-B190-9EE4C453F819}
2016-11-11 14:11 - 2016-11-11 14:13 - 22851472 _____ (Malwarebytes ) C:\Users\arvis\Downloads\mbam-setup-2.2.1.1043.exe
2016-11-10 13:43 - 2016-11-10 13:43 - 00063092 _____ C:\Users\arvis\ia_remove.sh6500.tmp
2016-11-10 12:51 - 2016-11-10 12:51 - 00000000 ____D C:\WINDOWS\pss
2016-11-09 16:19 - 2016-11-09 16:19 - 00004068 _____ C:\WINDOWS\System32\Tasks\UALU notificatin
2016-11-09 15:00 - 2016-11-15 09:04 - 00000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2016-11-09 14:58 - 2016-11-09 14:59 - 00291804 _____ C:\WINDOWS\Minidump\110916-37328-01.dmp
2016-11-09 14:39 - 2016-11-09 14:39 - 00000000 _____ C:\WINDOWS\Minidump\110916-32015-01.dmp
2016-11-09 14:35 - 2016-11-09 14:36 - 00281172 _____ C:\WINDOWS\Minidump\110916-64406-01.dmp
2016-11-09 14:32 - 2016-11-09 14:32 - 00000000 ____D C:\WINDOWS\Panther
2016-11-08 08:27 - 2016-11-08 08:28 - 00327788 _____ C:\WINDOWS\Minidump\110816-41890-01.dmp
2016-11-07 16:19 - 2016-11-09 14:58 - 00000000 ____D C:\WINDOWS\Minidump
2016-11-07 16:19 - 2016-11-07 16:20 - 00277876 _____ C:\WINDOWS\Minidump\110716-62937-01.dmp
2016-11-07 11:16 - 2016-11-07 11:16 - 00624509 _____ (CyberGhost S.R.L. ) C:\Users\arvis\Downloads\Unconfirmed 51409.crdownload
2016-11-07 10:33 - 2016-11-07 10:33 - 00002078 _____ C:\Users\arvis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberGhost 6.lnk
2016-11-07 05:51 - 2016-11-07 05:51 - 00000000 ____D C:\Users\arvis\AppData\Roaming\monect
2016-11-07 05:45 - 2016-11-07 05:51 - 00000000 ____D C:\Program Files (x86)\PC Remote Receiver
2016-11-07 05:45 - 2016-11-07 05:48 - 00000000 ____D C:\Users\arvis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PC Remote Receiver
2016-11-07 05:42 - 2016-11-07 05:44 - 29448234 _____ C:\Users\arvis\Downloads\PCRemoteReceiverSetup_5_2_3.zip

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-11-21 02:21 - 2016-07-16 05:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-11-21 02:07 - 2016-09-27 04:15 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-11-17 05:43 - 2016-07-16 00:04 - 00524288 _____ C:\WINDOWS\system32\config\BBI
2016-11-17 04:35 - 2016-07-16 05:45 - 00000000 ____D C:\WINDOWS\INF
2016-11-16 17:21 - 2016-09-27 03:28 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2016-11-16 14:00 - 2016-07-16 05:47 - 00000000 ___HD C:\Program Files\WindowsApps
2016-11-16 13:09 - 2016-07-16 05:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-11-16 11:44 - 2016-09-27 03:35 - 00000000 ____D C:\Users\arvis
2016-11-16 11:43 - 2015-09-09 23:42 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-11-16 10:50 - 2016-09-27 03:28 - 00350352 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-11-16 10:43 - 2016-07-16 05:47 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2016-11-16 10:43 - 2016-07-16 05:47 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2016-11-16 10:43 - 2016-07-16 05:47 - 00000000 ____D C:\WINDOWS\system32\oobe
2016-11-16 10:43 - 2016-07-16 05:47 - 00000000 ____D C:\WINDOWS\system32\migwiz
2016-11-16 10:43 - 2016-07-16 05:47 - 00000000 ____D C:\WINDOWS\ShellExperiences
2016-11-16 10:43 - 2016-07-16 05:47 - 00000000 ____D C:\WINDOWS\bcastdvr
2016-11-16 00:36 - 2016-07-16 05:47 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-11-16 00:31 - 2016-07-16 05:47 - 00015425 _____ C:\WINDOWS\system32\OEMDefaultAssociations.xml
2016-11-15 15:31 - 2016-09-27 03:34 - 01496572 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-11-15 14:49 - 2015-06-12 12:56 - 00002279 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-11-15 14:49 - 2015-06-12 12:56 - 00002267 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-11-14 11:51 - 2010-10-14 10:24 - 00000000 ____D C:\Users\arvis\AppData\Local\ElevatedDiagnostics
2016-11-14 11:32 - 2014-03-19 19:54 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-11-14 11:32 - 2014-03-19 19:53 - 141011376 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-11-14 11:16 - 2010-05-22 16:35 - 00000000 ____D C:\Users\arvis\AppData\Local\Google
2016-11-11 14:30 - 2015-06-12 12:36 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-11-11 14:18 - 2015-06-12 12:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-11-11 14:18 - 2015-06-12 12:36 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-11-10 14:10 - 2010-11-14 15:17 - 00000000 ____D C:\Program Files (x86)\Switlle
2016-11-10 13:52 - 2010-09-25 17:50 - 00000000 ____D C:\Program Files (x86)\Steam
2016-11-10 13:31 - 2015-10-11 13:55 - 00000000 ____D C:\Users\arvis\AppData\Local\Packages
2016-11-10 11:29 - 2015-10-11 14:02 - 00000000 ___RD C:\Users\arvis\OneDrive
2016-11-07 10:33 - 2010-05-22 16:33 - 00000000 ____D C:\Users\arvis\AppData\Local\VirtualStore
2016-11-07 05:47 - 2012-08-26 15:16 - 00000000 ____D C:\ProgramData\Package Cache
2016-11-07 04:20 - 2010-05-22 16:55 - 00485032 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2016-10-28 17:56 - 2016-07-16 05:49 - 00828408 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-10-28 17:56 - 2016-07-16 05:49 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-10-24 22:15 - 2010-09-12 23:27 - 00000854 _____ C:\Users\arvis\AppData\Roaming\wklnhst.dat

==================== Files in the root of some directories =======

2010-09-12 23:27 - 2016-10-24 22:15 - 0000854 _____ () C:\Users\arvis\AppData\Roaming\wklnhst.dat
2011-06-14 14:02 - 2011-06-14 14:02 - 0003584 _____ () C:\Users\arvis\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2011-12-26 22:15 - 2012-01-05 12:03 - 0011190 ___SH () C:\Users\arvis\AppData\Local\r5mhodpfwo464lyw
2012-09-09 16:53 - 2012-09-09 16:53 - 0000218 _____ () C:\Users\arvis\AppData\Local\recently-used.xbel
2010-09-06 15:35 - 2010-09-06 15:35 - 0000017 _____ () C:\Users\arvis\AppData\Local\resmon.resmoncfg
2016-11-12 06:10 - 2016-11-12 06:10 - 0000000 _____ () C:\Users\arvis\AppData\Local\{BCC25275-CC29-41DD-B190-9EE4C453F819}
2010-05-22 16:52 - 2010-05-22 16:52 - 0000056 ____H () C:\ProgramData\ezsidmv.dat
2011-12-26 22:15 - 2012-01-05 12:03 - 0011190 ___SH () C:\ProgramData\r5mhodpfwo464lyw

Files to move or delete:
====================
C:\Users\arvis\jagex_runescape_preferences.dat
C:\Users\arvis\jagex_runescape_preferences2.dat


==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
ATTENTION: ====> ZeroAccess. Use DeleteJunctionsIndirectory: C:\WINDOWS\system64


testsigning: ==> 'testsigning' is set. Check for possible unsigned driver <===== ATTENTION


LastRegBack: 2016-11-17 05:34

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-11-2016 01
Ran by arvis (21-11-2016 02:48:53)
Running from C:\Users\arvis\Downloads
Windows 10 Home Version 1607 (X64) (2016-09-27 10:19:49)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-4037827805-714374717-3792867422-500 - Administrator - Disabled)
arvis (S-1-5-21-4037827805-714374717-3792867422-1001 - Administrator - Enabled) => C:\Users\arvis
DefaultAccount (S-1-5-21-4037827805-714374717-3792867422-503 - Limited - Disabled)
Guest (S-1-5-21-4037827805-714374717-3792867422-501 - Limited - Disabled) => C:\Users\Guest
HomeGroupUser$ (S-1-5-21-4037827805-714374717-3792867422-1002 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.)
Adobe Flash Player 23 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 23.0.0.185 - Adobe Systems Incorporated)
Adobe Reader 9.4.3 MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-A91000000001}) (Version: 9.4.3 - Adobe Systems Incorporated)
Agents for Visual Studio 2012 RC - ENU (x32 Version: 11.0.50522 - Microsoft Corporation) Hidden
Agents for Visual Studio 2012 RC (HKLM-x32\...\{8def2fbf-48ad-4771-bb3d-fc909b91e30a}) (Version: 11.0.50522.0 - Microsoft Corporation)
Agents for Visual Studio 2012 RC (x32 Version: 11.0.50522 - Microsoft Corporation) Hidden
Alcor Micro USB Card Reader (HKLM-x32\...\InstallShield_{DBCE1208-433D-4D3E-A26A-CB1B5E71A8F5}) (Version: 1.4.17.35005 - Alcor Micro Corp.)
Alcor Micro USB Card Reader (x32 Version: 1.4.17.35005 - Alcor Micro Corp.) Hidden
ALPS Touch Pad Driver (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.105.2015.1105 - Alps Electric)
Apple Application Support (HKLM-x32\...\{B3575D00-27EF-49C2-B9E0-14B3D954E992}) (Version: 1.5.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{439760BC-7737-4386-9B1D-A90A3E8A22EA}) (Version: 3.4.1.2 - Apple Inc.)
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: - )
Audacity 1.3.12 (Unicode) (HKLM-x32\...\Audacity 1.3 Beta (Unicode)_is1) (Version: - Audacity Team)
Automap 4.6 (HKLM\...\Automap Universal_is1) (Version: 4.6 - Focusrite Audio Engineering Ltd.)
Automap ReWire 1.0 (HKLM-x32\...\Automap Universal ReWire_is1) (Version: 3.5 - Novation DMS Ltd.)
AVS Update Manager 1.0 (HKLM-x32\...\AVS Update Manager_is1) (Version: - Online Media Technologies Ltd.)
AVS Video Converter 6 (HKLM-x32\...\AVS4YOU Video Converter 6_is1) (Version: - Online Media Technologies Ltd.)
AVS4YOU Software Navigator 1.3 (HKLM-x32\...\AVS4YOU Software Navigator_is1) (Version: - Online Media Technologies Ltd.)
Backup Manager Basic (x32 Version: 2.0.0.29 - NewTech Infosystems) Hidden
BananaScreen (HKLM-x32\...\{A9093D28-B74F-4CA5-86F0-6C5BB55E166E}) (Version: 1.2.1 - Banana Security)
Bass Station 1.7 (HKLM-x32\...\{ABAF1232-6213-4062-9D52-04E04A730CEA}_is1) (Version: 1.7 - Novation Digital Music Systems Ltd.)
Blend for Visual Studio 2012 (x32 Version: 5.0.30709.0 - Microsoft Corporation) Hidden
Blend for Visual Studio 2012 ENU resources (x32 Version: 5.0.30709.0 - Microsoft Corporation) Hidden
Bome's Virtual MIDI Port 1.0.0.11 (HKLM-x32\...\BMIDI_Driver1.0.0.11_is1) (Version: - Bome Software GmbH & Co. KG)
Bonjour (HKLM\...\{0E543634-7E25-4B8F-8D5B-97880E5E5088}) (Version: 2.0.5.0 - Apple Inc.)
Broadcom Gigabit NetLink Controller (HKLM\...\{A325B368-A9EC-40EF-A95C-9DEAD3683AE3}) (Version: 12.33.03 - Broadcom Corporation)
CDDRV_Installer (Version: 4.60 - Logitech) Hidden
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Counter-Strike: Global Offensive (HKLM\...\Steam App 730) (Version: - Valve)
Counter-Strike: Source (HKLM-x32\...\Steam App 240) (Version: - Valve)
Counter-Strike: Source Beta (HKLM-x32\...\Steam App 260) (Version: - )
CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.3108 - CyberLink Corp.)
CyberLink PowerDVD 8 (HKLM-x32\...\InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}) (Version: 8.0.3520.50 - CyberLink Corp.)
DivX Setup (HKLM-x32\...\DivX Setup.divx.com) (Version: 2.4.1.4 - DivX, LLC)
Dotfuscator and Analytics Community Edition (x32 Version: 5.5.4521.29298 - PreEmptive Solutions) Hidden
DroidPad 1.2 (HKLM-x32\...\{046B525C-FEC6-42A2-A637-53CC2F58100E}_is1) (Version: 1.0 - Digitalsquid)
Entity Framework Designer for Visual Studio 2012 - enu (HKLM-x32\...\{0A1A1D48-DB23-443A-BC7B-49255D138020}) (Version: 11.1.20702.00 - Microsoft Corporation)
erLT (x32 Version: 1.20.0137 - Logitech, Inc.) Hidden
Facebook Messenger 2.1.4814.0 (HKLM-x32\...\{7204BDEE-1A48-4D95-A964-44A9250B439E}) (Version: 2.1.4814.0 - Facebook)
Free CraigsList Reader Pro from CraigsPal 4.6.6 (HKLM-x32\...\{F98C46C6-F9BB-468F-A67E-31FD10E5FC42}) (Version: 4.6.6 - CraigsPal)
Free CraigsList Reader Pro from CraigsPal 4.7.6 (HKLM-x32\...\{DE1685C9-3D62-444F-9663-0FB6850CD236}) (Version: 4.7.6 - CraigsPal)
Freemake Audio Converter version 1.1.0 (HKLM-x32\...\Freemake Audio Converter_is1) (Version: 1.1.0 - Ellora Assets Corporation)
Gateway Games (HKLM-x32\...\WildTangent gateway Master Uninstall) (Version: 1.0.0.71 - WildTangent)
Gateway InfoCentre (HKLM-x32\...\Gateway InfoCentre) (Version: 3.02.3000 - Gateway Incorporated)
Gateway MyBackup (HKLM-x32\...\InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}) (Version: 2.0.0.29 - NewTech Infosystems)
Gateway Power Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 4.05.3004 - Gateway Incorporated)
Gateway Recovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 4.05.3005 - Gateway Incorporated)
Gateway Registration (HKLM-x32\...\Gateway Registration) (Version: 1.02.3006 - Gateway Incorporated)
Gateway ScreenSaver (HKLM-x32\...\Gateway Screensaver) (Version: 1.6.0730 - Gateway Incorporated)
Gateway Updater (HKLM-x32\...\{EE171732-BEB4-4576-887D-CB62727F01CA}) (Version: 1.02.3503 - Gateway Incorporated)
GIMP 2.6.11 (HKLM-x32\...\WinGimp-2.0_is1) (Version: 2.6.11 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 54.0.2840.99 - Google Inc.)
Google Photos Backup (HKU\S-1-5-21-4037827805-714374717-3792867422-1001\...\Google Photos Backup) (Version: 1.1.2.13 - Google, Inc.)
Google SketchUp 8 (HKLM-x32\...\{D22002ED-EE2A-4CB1-A63D-430E62A2E8D8}) (Version: 3.0.4811 - Google, Inc.)
Google Talk (remove only) (HKU\S-1-5-21-4037827805-714374717-3792867422-1001\...\{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk) (Version: - )
Google Talk Plugin (HKLM-x32\...\{F9B579C2-D854-300A-BE62-A09EB9D722E4}) (Version: 5.41.3.0 - Google)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.7619.1252 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
Google+ Auto Backup (HKLM-x32\...\{A50DE037-B5C0-4C8A-8049-B0C576B313D1}) (Version: 1.0.21.81 - Google)
Half-Life 2: Deathmatch (HKLM-x32\...\Steam App 320) (Version: - Valve)
Half-Life 2: Lost Coast (HKLM-x32\...\Steam App 340) (Version: - Valve)
HDAUDIO Soft Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_HDA_HSF) (Version: 7.80.4.55 - Conexant Systems)
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3002 - Gateway Incorporated)
iDisplay 2.4.2 (HKLM-x32\...\iDisplay_is1) (Version: 2.4.2.16 - SHAPE)
IIS 8.0 Express (HKLM\...\{7BF61FA9-BDFB-4563-98AD-FCB0DA28CCC7}) (Version: 8.0.1557 - Microsoft Corporation)
IIS Express Application Compatibility Database for x64 (HKLM\...\{9f4f4a9b-eec5-4906-92fe-d1f43ccf5c8d}.sdb) (Version: - )
IIS Express Application Compatibility Database for x86 (HKLM\...\{fdfba1f3-74ae-4255-9c10-a0f552b4610f}.sdb) (Version: - )
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.0.1006 - Intel Corporation)
Intel® Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.1995 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel® Turbo Boost Technology Monitor (HKLM\...\{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}) (Version: 1.0.186.6 - Intel)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version: - Intel Corporation)
iTunes (HKLM\...\{BCF07271-A853-4D3A-B668-4B752174CAA8}) (Version: 10.3.1.55 - Apple Inc.)
Java™ 6 Update 26 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216022FF}) (Version: 6.0.260 - Oracle)
Junk Mail filter update (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden
KhalInstallWrapper (Version: 2.00.0000 - Logitech) Hidden
Launch Manager (HKLM-x32\...\LManager) (Version: 3.0.05 - Gateway)
Lineage II (HKLM-x32\...\NCW-LINEAGE2) (Version: 1.0.0.2 - NC Interactive, LLC)
Live 8.2.2 (HKLM-x32\...\Live 8.2.2) (Version: - )
LocalESPC (x32 Version: 8.59.25584 - Microsoft Corporation) Hidden
LocalESPCui for en-us (x32 Version: 8.59.25584 - Microsoft) Hidden
Logitech SetPoint (HKLM-x32\...\{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}) (Version: 4.80 - Logitech)
Logitech Webcam Software (HKLM\...\{987FE247-4E69-4A2E-A961-D14F901FDBF6}) (Version: 12.10.1113 - Logitech Inc.)
Logitech Webcam Software Driver Package (HKLM\...\lvdrivers_12.10) (Version: 12.10.1110 - Logitech Inc.)
LTspice IV (HKLM-x32\...\LTspice IV) (Version: - )
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{5CBFF3F3-2D40-34EE-BCA5-A95BC19E400D}) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft .NET Framework 4.5 SDK (HKLM-x32\...\{1948E039-EC79-4591-951D-9867A8C14C90}) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft ASP.NET MVC 3 (HKLM-x32\...\{D32EF103-4016-4C15-BCB0-700C0A7A2309}) (Version: 3.0.50813.0 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft ASP.NET Web Pages (HKLM-x32\...\{631471BE-DEAB-454B-A9AC-CE3EB42C28B3}) (Version: 1.0.20105.0 - Microsoft Corporation)
Microsoft Help Viewer 2.0 (HKLM-x32\...\Microsoft Help Viewer 2.0) (Version: 2.0.50727 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Suite Activation Assistant (HKLM-x32\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
Microsoft Primary Interoperability Assemblies 2005 (HKLM-x32\...\{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation)
Microsoft Silverlight 4 SDK (HKLM-x32\...\{189AEA94-DAFB-487A-8CEE-F9D3DDE0A748}) (Version: 4.0.60310.0 - Microsoft Corporation)
Microsoft Silverlight 5 SDK (HKLM-x32\...\{E1FBB3D4-ADB0-4949-B101-855DA061C735}) (Version: 5.0.61118.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2012 Command Line Utilities (HKLM\...\{9D573E71-1077-4C7E-B4DB-4E22A5D2B48B}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework (HKLM\...\{36E619BC-A234-4EC3-849B-779A7C865A45}) (Version: 11.0.2316.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework (HKLM-x32\...\{FBA6F90E-36EC-4FC9-9B25-3834E3BD46A8}) (Version: 11.0.2316.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Express LocalDB (HKLM\...\{13D558FE-A863-402C-B115-160007277033}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects (HKLM-x32\...\{DA1C1761-5F4F-4332-AB9D-29EDF3F8EA0A}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects (x64) (HKLM\...\{FA0A244E-F3C2-4589-B42A-3D522DE79A42}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client (HKLM\...\{49D665A2-4C2A-476E-9AB8-FCC425F526FC}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL Compiler Service (HKLM\...\{BEB0F91E-F2EA-48A1-B938-7857ABF2A93D}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL ScriptDom (HKLM\...\{0E8670B8-3965-4930-ADA6-570348B67153}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 T-SQL Language Service (HKLM-x32\...\{6D6D43E5-218C-4B05-92D3-2240810F4760}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 x64 ENU (HKLM\...\{78909610-D229-459C-A936-25D92283D3FD}) (Version: 4.0.8876.1 - Microsoft Corporation)
Microsoft SQL Server Data Tools - enu (11.1.20627.00) (HKLM-x32\...\{FA804794-2CCB-4301-954F-2C2894698876}) (Version: 11.1.20627.00 - Microsoft Corporation)
Microsoft SQL Server Data Tools Build Utilities - enu (11.1.20627.00) (HKLM-x32\...\{790E9425-8570-493F-9AE7-81AFC9E46930}) (Version: 11.1.20627.00 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (HKLM-x32\...\{A47FD1BF-A815-4A76-BE65-53A15BD5D25D}) (Version: 10.50.1600.1 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (x64) (HKLM\...\{4701DEDE-1888-49E0-BAE5-857875924CA2}) (Version: 10.50.1600.1 - Microsoft Corporation)
Microsoft Streets & Trips 2007 with GPS Locator (HKLM-x32\...\{C82185E8-C27B-4EF4-2007-4444BC2C2B6D}) (Version: 14.0.09.1100 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (HKLM-x32\...\{E2082604-4BA5-44BB-BBFB-AF0F3CB8C6AB}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (x64) (HKLM\...\{F1949145-EB64-4DE7-9D81-E6D27937146C}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual Studio Professional 2012 (HKLM-x32\...\{17c2e197-cf26-443b-8beb-53151940df3f}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Web Deploy 3.0 (HKLM\...\{AA72C306-30BE-4BB1-9E42-59552BAD2CDF}) (Version: 3.1236.1631 - Microsoft Corporation)
Microsoft Web Deploy dbSqlPackage Provider - enu (HKLM-x32\...\{E4C33F5B-1B2F-466E-957E-B274F08151A0}) (Version: 10.3.20225.0 - Microsoft Corporation)
Microsoft Web Platform Installer 4.0 (HKLM\...\{E2B8249D-895C-4685-8C83-00F3B1A13028}) (Version: 4.0.1622 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{67E03279-F703-408F-B4BF-46B5FC8D70CD}) (Version: 9.7.0621 - Microsoft Corporation)
Miro (HKLM-x32\...\Miro) (Version: 5.0.2 - Participatory Culture Foundation)
Mozilla Firefox 37.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 37.0.2 (x86 en-US)) (Version: 37.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 37.0.2 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NCSOFT Game Launcher (HKLM-x32\...\NCLauncher_NCWest) (Version: - NCSOFT)
NCsoft Launcher (HKLM-x32\...\{5F8E2CBB-949D-4175-AC98-5ADE7F6C9697}) (Version: 1.5.19002 - NCsoft)
Need For Speed™ World (HKLM-x32\...\{7B2CC3DF-64FA-44AE-8F57-B0F915147E4F}_is1) (Version: 1.0.0.1398 - Electronic Arts)
No-IP DUC (HKLM-x32\...\NoIPDUC) (Version: 3.0.4 - Vitalwerks Internet Solutions LLC)
Novation FX Plug-in Suite 1.2 (HKLM-x32\...\{43F14A7D-1A57-4d1b-A668-9EAC74A3B317}}_is1) (Version: 1.2 - Focusrite Audio Engineering Ltd.)
Novation USB Audio Driver 2.3 (HKLM\...\Novation USB Audio Driver_is1) (Version: 2.3 - Novation DMS Ltd.)
Opera 11.61 (HKLM-x32\...\Opera 11.61.1250) (Version: 11.61.1250 - Opera Software ASA)
PC Remote Receiver 5.2.3 (HKLM-x32\...\PC Remote Receiver) (Version: 5.2.3 - monect.com)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
PocketCloud Windows Companion (HKLM-x32\...\{549F1CE0-100D-4DDA-BEC0-79BA72321665}) (Version: 2.2.15 - Wyse Technology)
PreEmptive Analytics Visual Studio Components (x32 Version: 1.0.2180.1 - PreEmptive Solutions) Hidden
Prerequisites for SSDT (HKLM-x32\...\{9169C939-ED01-446A-BD0C-29873BAF4E48}) (Version: 11.0.2100.60 - Microsoft Corporation)
QuickTime (HKLM-x32\...\{57752979-A1C9-4C02-856B-FBB27AC4E02C}) (Version: 7.69.80.9 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5969 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4fed-B2B9-173F09590E16}) (Version: 1.00.0124 - REALTEK Semiconductor Corp.)
ReMOTE Editor (HKLM-x32\...\ReMOTE Editor_is1) (Version: - Novation DMS Ltd.)
rtpMIDI (HKLM-x32\...\{FD937297-84C3-41A5-B5DF-1FAEEE669D68}) (Version: 1.0.7.221 - Tobias Erichsen)
Samsung Kies3 (HKLM-x32\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.15072.2 - Samsung Electronics Co., Ltd.)
Samsung Kies3 (x32 Version: 3.2.15072.2 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG Mobile Modem Driver Set (HKLM\...\SAMSUNG Mobile Modem) (Version: - )
Samsung Mobile phone USB driver Drive Software (HKLM\...\Samsung Mobile phone USB driver Drive) (Version: - )
SAMSUNG Mobile USB Modem 1.0 Software (HKLM\...\SAMSUNG Mobile USB Modem 1.0) (Version: - )
SAMSUNG Mobile USB Modem Software (HKLM\...\SAMSUNG Mobile USB Modem) (Version: - )
Samsung PC Studio (x32 Version: 3.0.0.60404 - Samsung Electronics Co., Ltd.) Hidden
Samsung SideSync (HKLM-x32\...\Samsung SideSync) (Version: 4.2.0.37 - Samsung Electronics Co., Ltd.)
Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.58.0 - Samsung Electronics Co., Ltd.)
Secure Download Manager (HKLM-x32\...\{6CEF2BC6-8929-44EE-8360-175513E1A49A}) (Version: 3.0.5 - e-academy Inc.)
SecureW2 Enterprise Client 3.4.5 (HKLM-x32\...\SecureW2 Enterprise Client) (Version: - )
Skype Toolbars (HKLM-x32\...\{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}) (Version: 5.0.4137 - Skype Technologies S.A.)
Skype™ 7.5 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.5.102 - Skype Technologies S.A.)
Smart Switch (HKLM-x32\...\InstallShield_{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}) (Version: 4.0.15113.12 - Samsung Electronics Co., Ltd.)
Smart Switch (x32 Version: 4.0.15113.12 - Samsung Electronics Co., Ltd.) Hidden
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.19.1 - Synaptics Incorporated)
Test Controller for Visual Studio 2012 RC - ENU (x32 Version: 11.0.50522 - Microsoft Corporation) Hidden
Test Controller for Visual Studio 2012 RC (HKLM-x32\...\{4c320618-2f0d-4a75-8d3d-628d7c851080}) (Version: 11.0.50522.0 - Microsoft Corporation)
Test Controller for Visual Studio 2012 RC (x32 Version: 11.0.50522 - Microsoft Corporation) Hidden
Texas Instruments PCIxx21/x515/xx12 drivers. (HKLM-x32\...\InstallShield_{F7B05784-334C-4F76-8BAB-30ABEB7FD534}) (Version: 1.23.0000 - Texas Instruments Inc.)
theHunter (remove only) (HKLM-x32\...\theHunter) (Version: - Expansive Worlds)
TI-83 Plus Flash Debugger (HKLM-x32\...\TI-83 Plus Flash Debugger) (Version: - )
TIPCI (x32 Version: 1.23.0000 - Texas Instruments Inc.) Hidden
TouchOSC Bridge version 1.0 (HKLM-x32\...\TouchOSC Bridge_is1) (Version: 1.0 - )
Ubisoft Game Launcher (HKLM-x32\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT)
UltraNova Editor 1.1 (HKLM\...\{04351EBB-5491-4279-B59A-D96ED9296A85}}_is1) (Version: 1.1 - Focusrite Audio Engineering Limited)
Update for (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
VC80CRTRedist - 8.0.50727.4053 (x32 Version: 1.1.0 - DivX, Inc) Hidden
Video Web Camera (HKLM-x32\...\{12A1B519-5934-4508-ADBD-335347B0DC87}) (Version: 1.7.82.1203 - Chicony Electronics Co.,Ltd.)
VLC media player 2.0.4 (HKLM-x32\...\VLC media player) (Version: 2.0.4 - VideoLAN)
Vodafone WCDMA Composite Device Drive Software (HKLM-x32\...\Vodafone WCDMA Composite Device Drive) (Version: - )
V-Station 1.7 (HKLM-x32\...\{842C6AFC-7856-4fd9-99AF-8900554ACAA2}_is1) (Version: 1.7 - Novation Digital Music Systems Ltd.)
War Thunder Launcher 1.0.1.604 (HKLM-x32\...\{ed8deea4-29fa-3932-9612-e2122d8a62d9}}_is1) (Version: - Gaijin Entertainment)
WCF Data Services 5.0 (for OData v3) Primary Components (x32 Version: 5.0.50628.0 - Microsoft Corporation) Hidden
WCF Data Services Tools for Microsoft Visual Studio 2012 (x32 Version: 5.0.50710.0 - Microsoft Corporation) Hidden
WCF RIA Services V1.0 SP2 (HKLM-x32\...\{3A523AF9-D32F-4C85-8388-0335731F3405}) (Version: 4.1.61829.0 - Microsoft Corporation)
Welcome Center (HKLM-x32\...\Gateway Welcome Center) (Version: 1.00.3009 - Gateway Incorporated)
WildStar (HKLM-x32\...\WildStar) (Version: - NCSOFT)
Winamp (HKLM-x32\...\Winamp) (Version: 5.572 - Nullsoft, Inc)
Winamp Detector Plug-in (HKU\S-1-5-21-4037827805-714374717-3792867422-1001\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live Upload Tool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
WinRAR archiver (HKLM-x32\...\WinRAR archiver) (Version: - )
WorldUnlock Codes Calculator (HKLM-x32\...\WorldUnlock Codes Calculator) (Version: - )
wunderlist (HKLM-x32\...\{0C8E1641-4614-47BA-83FF-8B129B904A29}) (Version: 1.1.1 - None provided)
Xvid Video Codec (HKLM-x32\...\Xvid Video Codec 1.3.2) (Version: 1.3.2 - Xvid Team)
Yawcam 0.3.6 (HKLM-x32\...\{8FE96B14-E1F9-47BF-8BA1-A81467CD259B}_is1) (Version: - )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-4037827805-714374717-3792867422-1001_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\arvis\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-4037827805-714374717-3792867422-1001_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\arvis\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-4037827805-714374717-3792867422-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\arvis\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-4037827805-714374717-3792867422-1001_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\arvis\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-4037827805-714374717-3792867422-1001_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\arvis\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-4037827805-714374717-3792867422-1001_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\arvis\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-4037827805-714374717-3792867422-1001_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\arvis\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-4037827805-714374717-3792867422-1001_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\arvis\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-4037827805-714374717-3792867422-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\arvis\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-4037827805-714374717-3792867422-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\arvis\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-4037827805-714374717-3792867422-1001_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\arvis\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-4037827805-714374717-3792867422-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\arvis\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-4037827805-714374717-3792867422-1001_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\arvis\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-4037827805-714374717-3792867422-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\arvis\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-4037827805-714374717-3792867422-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\arvis\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll => No File

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0020FA3A-07A4-411E-AB03-CEA8343817CC} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\MpCmdRun.exe
Task: {07A62360-CE60-4D74-B7AA-3CBBEED4F732} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
Task: {220B4D89-E41A-40E9-A985-04C1AFD97B27} - System32\Tasks\Recovery Management\Burn Notification => C:\Program Files\Gateway\Gateway Recovery Management\NotificationCenter\Notification.exe [2009-10-01] (Acer)
Task: {2868E789-BB75-432C-BA94-18060AD767A9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
Task: {2C4F78AC-0B21-4586-8E7A-D923A45BE61C} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4037827805-714374717-3792867422-1001UA => C:\Users\arvis\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {33B8D61C-F92B-4C06-9162-BDD9CAD42034} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-10-13] (Adobe Systems Incorporated)
Task: {396E183E-70C4-429A-BB1D-AAFFF25FA83C} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-4037827805-714374717-3792867422-1001UA => C:\Users\arvis\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-10-16] (Facebook Inc.)
Task: {628B26EF-4A01-45FB-9631-27E958E47AB2} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-4037827805-714374717-3792867422-1001Core => C:\Users\arvis\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-10-16] (Facebook Inc.)
Task: {6E9BBC57-7F3C-433A-8AF2-0EE12755BA53} - System32\Tasks\SidebarExecute => C:\Program Files\Windows Sidebar\sidebar.exe
Task: {753C47AE-EC5E-44B3-95A9-2C8E553F0E39} - System32\Tasks\Microsoft\Windows\Windows Media Sharing\UpdateLibrary => C:\Program Files\Windows Media Player\wmpnscfg.exe
Task: {88820F0F-23F5-4457-AA47-AD7A83DB9958} - System32\Tasks\UALU notificatin => C:\Program Files\Gateway\Gateway Updater\UALU.exe [2016-06-08] (Acer Incorporated)
Task: {A54285C7-B027-42E2-98B6-E7578BE9ECBF} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-11-14] (Microsoft Corporation)
Task: {BCE241C3-AB96-4328-AF98-91701D08F142} - System32\Tasks\{B4DC6698-FA7A-4D19-B073-3D1822DABB7B} => C:\Program Files (x86)\Skype\Phone\Skype.exe [2015-06-02] (Skype Technologies S.A.)
Task: {D3D6578F-5416-4385-A22E-BA52F4647CEC} - System32\Tasks\{EA737B99-0CFB-4C11-9C54-C07007CD7952} => pcalua.exe -a C:\Windows\SysWOW64\Samsung_USB_Drivers\3\SSCDUninstall.exe
Task: {E4731EF2-EDB6-4548-8E60-8E572DD03E9F} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4037827805-714374717-3792867422-1001Core => C:\Users\arvis\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {F1A1FA04-27F5-4396-8D2E-0C81FC8551C9} - System32\Tasks\{47545909-2DD2-4B10-AB7D-9B168C16E880} => pcalua.exe -a C:\Users\arvis\Downloads\wmp11-windowsxp-x86-enu.exe -d C:\Users\arvis\Downloads

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-4037827805-714374717-3792867422-1001Core.job => C:\Users\arvis\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-4037827805-714374717-3792867422-1001UA.job => C:\Users\arvis\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-4037827805-714374717-3792867422-1001Core.job => C:\Users\arvis\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-4037827805-714374717-3792867422-1001UA.job => C:\Users\arvis\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\arvis\Desktop\deskto\pc-programos\Netflix.lnk -> C:\ProgramData\OEM_E471269A730D\Netflix\StartURL.exe () -> hxxp://homepage.gateway.com/redirect.aspx?rid=09000002

==================== Loaded Modules (Whitelisted) ==============

2016-07-16 05:42 - 2016-07-16 05:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-10-02 10:41 - 2016-09-15 11:25 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-10-02 10:41 - 2016-09-15 11:25 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
2016-09-27 07:57 - 2016-09-27 07:57 - 01864384 _____ () C:\Users\arvis\AppData\Local\Microsoft\OneDrive\17.3.6517.0809_1\amd64\ClientTelemetry.dll
2016-09-27 06:17 - 2016-09-27 06:17 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2016-11-16 05:42 - 2016-11-02 04:30 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2016-11-07 04:43 - 2016-11-07 04:45 - 00072192 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.9.251.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2016-11-07 04:43 - 2016-11-07 04:45 - 00178688 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.9.251.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2016-11-16 05:34 - 2016-11-02 04:21 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-11-16 05:36 - 2016-11-02 04:15 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-11-16 05:36 - 2016-11-02 04:14 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2016-11-16 05:34 - 2016-11-02 04:15 - 01033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2016-11-16 05:34 - 2016-11-02 04:16 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-11-16 05:34 - 2016-11-02 04:17 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-10-02 10:28 - 2016-09-15 11:29 - 03388256 _____ () C:\Windows\SystemApps\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\ContentDeliveryManager.Background.dll
2016-09-27 06:18 - 2016-09-27 06:18 - 02263904 _____ () C:\Windows\SystemApps\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\ContentManagementSDK.dll
2016-11-15 14:48 - 2016-11-08 14:29 - 01819240 _____ () C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.99\libglesv2.dll
2016-11-15 14:48 - 2016-11-08 14:29 - 00093288 _____ () C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.99\libegl.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

HKU\S-1-5-21-4037827805-714374717-3792867422-1001\Software\Classes\.exe: exefile => <===== ATTENTION

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-07-30 16:42 - 2015-07-30 16:39 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-4037827805-714374717-3792867422-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: Apple Mobile Device => 2
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: CronService => 2
MSCONFIG\Services: ePowerSvc => 2
MSCONFIG\Services: GameConsoleService => 3
MSCONFIG\Services: Greg_Service => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: gusvc => 3
MSCONFIG\Services: IAANTMON => 2
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: LBTServ => 3
MSCONFIG\Services: Live Updater Service => 2
MSCONFIG\Services: LMS => 2
MSCONFIG\Services: LVPrcS64 => 2
MSCONFIG\Services: MonectServerService => 2
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: NTI IScheduleSvc => 2
MSCONFIG\Services: rtpMIDIService => 2
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: ss_conn_service => 2
MSCONFIG\Services: Steam Client Service => 3
MSCONFIG\Services: SynTPEnhService => 2
MSCONFIG\Services: TurboBoost => 3
MSCONFIG\Services: UNS => 2
MSCONFIG\Services: Updater Service => 2
MSCONFIG\Services: WysePocketCloud => 2
HKLM\...\StartupApproved\Run: => "Logitech Download Assistant"
HKLM\...\StartupApproved\Run: => "RtHDVCpl"
HKLM\...\StartupApproved\Run: => "Apoint"
HKLM\...\StartupApproved\Run: => "PLFSetI"
HKLM\...\StartupApproved\Run: => "Acer ePower Management"
HKLM\...\StartupApproved\Run: => "IAAnotif"
HKLM\...\StartupApproved\Run: => "Persistence"
HKLM\...\StartupApproved\Run: => "AmIcoSinglun64"
HKLM\...\StartupApproved\Run: => "SynTPEnh"
HKLM\...\StartupApproved\Run: => "WindowsDefender"
HKLM\...\StartupApproved\Run32: => "Adobe Reader Speed Launcher"
HKLM\...\StartupApproved\Run32: => "BackupManagerTray"
HKLM\...\StartupApproved\Run32: => "GrooveMonitor"
HKLM\...\StartupApproved\Run32: => "ROC_roc_ssl_v12"
HKU\S-1-5-21-4037827805-714374717-3792867422-1001\...\StartupApproved\StartupFolder: => "Facebook Messenger.lnk"
HKU\S-1-5-21-4037827805-714374717-3792867422-1001\...\StartupApproved\Run: => "Google Update"
HKU\S-1-5-21-4037827805-714374717-3792867422-1001\...\StartupApproved\Run: => "Google Photos Backup"
HKU\S-1-5-21-4037827805-714374717-3792867422-1001\...\StartupApproved\Run: => "swg"
HKU\S-1-5-21-4037827805-714374717-3792867422-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-4037827805-714374717-3792867422-1001\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-4037827805-714374717-3792867422-1001\...\StartupApproved\Run: => "Speech Recognition"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [MSMQ-In-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-In-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => (Allow) LPort=808
FirewallRules: [{02ACE646-4233-4D5D-8007-644998E04449}] => (Allow) C:\Program Files (x86)\Tobias Erichsen\rtpMIDI\rtpMIDISvc.exe
FirewallRules: [{9CD1A454-EDA3-48E8-BC9B-2F2BC061C468}] => (Allow) C:\Program Files (x86)\Tobias Erichsen\rtpMIDI\rtpMIDISvc.exe
FirewallRules: [{812A0D22-4368-4754-A4D7-678CF6B03BE5}] => (Allow) C:\Program Files (x86)\Tobias Erichsen\rtpMIDI\rtpMIDISvc.exe
FirewallRules: [{8FF4C674-B00E-466D-9B99-476558CA7A65}] => (Allow) C:\Program Files (x86)\Tobias Erichsen\rtpMIDI\rtpMIDISvc.exe
FirewallRules: [{57C63367-7BC2-454A-B9F2-8F511B4BD765}] => (Allow) C:\Program Files (x86)\Tobias Erichsen\rtpMIDI\rtpMIDISvc.exe
FirewallRules: [{9FCCB72C-AEE8-4FEE-9FB1-160D17E52ADF}] => (Allow) C:\Program Files (x86)\Tobias Erichsen\rtpMIDI\rtpMIDISvc.exe
FirewallRules: [{77E6BCEC-E6FC-4B1B-ACD6-38421B8A6433}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{CE758127-59AE-4F1C-81AB-813CD5ADE71D}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{E31ED15D-EE2F-411A-9443-AEC432BFC99A}] => (Allow) C:\Program Files (x86)\Tobias Erichsen\rtpMIDI\rtpMIDISvc.exe
FirewallRules: [{E25AB19F-5082-4FAB-A05E-04606CE14CE9}] => (Allow) C:\Program Files (x86)\Tobias Erichsen\rtpMIDI\rtpMIDISvc.exe
FirewallRules: [{0AF60D5D-FD4C-402E-B2BC-144C1615244C}] => (Allow) C:\Program Files (x86)\Tobias Erichsen\rtpMIDI\rtpMIDISvc.exe
FirewallRules: [{F745A5E1-0C1C-46A7-AA45-007DDB52FFE4}] => (Allow) C:\Program Files (x86)\Tobias Erichsen\rtpMIDI\rtpMIDISvc.exe
FirewallRules: [{CC176AB0-CD46-40F1-94BC-DE920827F8A8}] => (Allow) C:\Program Files (x86)\Tobias Erichsen\rtpMIDI\rtpMIDISvc.exe
FirewallRules: [{AF240FD5-D3BE-42D5-9884-080FB736C76D}] => (Allow) C:\Program Files (x86)\Tobias Erichsen\rtpMIDI\rtpMIDISvc.exe
FirewallRules: [{5B033CAE-6DEF-48F6-8E3D-E41562FB1653}] => (Allow) C:\Program Files (x86)\Tobias Erichsen\rtpMIDI\rtpMIDISvc.exe
FirewallRules: [{207B4600-5795-4312-A972-C02A7683F371}] => (Allow) C:\Program Files (x86)\Tobias Erichsen\rtpMIDI\rtpMIDISvc.exe
FirewallRules: [{877BEE47-78B2-42AE-B95F-2428E179D3FD}] => (Allow) C:\Program Files (x86)\Tobias Erichsen\rtpMIDI\rtpMIDISvc.exe
FirewallRules: [{73A5D7D3-9A58-4D98-9B16-12435AE3A7CB}] => (Allow) C:\Program Files (x86)\Tobias Erichsen\rtpMIDI\rtpMIDISvc.exe
FirewallRules: [{7FE40B6A-4266-46CD-8F52-3AC5D36C63F4}] => (Allow) C:\Program Files (x86)\Tobias Erichsen\rtpMIDI\rtpMIDISvc.exe
FirewallRules: [{B78A4894-E668-48A7-BA49-34A5635B1388}] => (Allow) C:\Program Files (x86)\Tobias Erichsen\rtpMIDI\rtpMIDISvc.exe
FirewallRules: [{8905BB9C-4DC4-4DA5-AC85-E77277F149DE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{36E3AE8D-AC96-42E6-B1C2-97DF1A0DCF66}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{39972472-F87C-4CF2-96F9-B27FB0DBA87D}] => (Allow) C:\Program Files (x86)\Tobias Erichsen\rtpMIDI\rtpMIDISvc.exe
FirewallRules: [{D3D74B7C-8C96-4A92-AE60-B7EFC51F9E5F}] => (Allow) C:\Program Files (x86)\Tobias Erichsen\rtpMIDI\rtpMIDISvc.exe
FirewallRules: [{0DE03B1C-4313-4C30-B3B3-4B5BC70D146D}] => (Allow) C:\Program Files (x86)\Tobias Erichsen\rtpMIDI\rtpMIDISvc.exe
FirewallRules: [{D98658AA-B425-4CA8-B05C-DD4B0CB49CE3}] => (Allow) C:\Program Files (x86)\Tobias Erichsen\rtpMIDI\rtpMIDISvc.exe
FirewallRules: [{536CEEEC-9AA9-4474-A7D5-9EA90615B82B}] => (Allow) C:\Program Files (x86)\Tobias Erichsen\rtpMIDI\rtpMIDISvc.exe
FirewallRules: [{1DACB194-6440-4ED8-9E25-3F04D69750AC}] => (Allow) C:\Program Files (x86)\Tobias Erichsen\rtpMIDI\rtpMIDISvc.exe
FirewallRules: [{F33014EF-9F26-470D-80BB-E46386113E7F}] => (Allow) C:\Program Files (x86)\Tobias Erichsen\rtpMIDI\rtpMIDISvc.exe
FirewallRules: [{1C8283F0-5E80-485E-AE54-7A4DB5E84D10}] => (Allow) C:\Program Files (x86)\Tobias Erichsen\rtpMIDI\rtpMIDISvc.exe
FirewallRules: [{28F721B3-4F67-49A2-9636-0A9CD6A2EA2F}] => (Allow) C:\Program Files (x86)\Tobias Erichsen\rtpMIDI\rtpMIDISvc.exe
FirewallRules: [{EFCC5ED9-6BFE-43B5-B089-DB05787A3D35}] => (Allow) C:\Program Files (x86)\Tobias Erichsen\rtpMIDI\rtpMIDISvc.exe
FirewallRules: [{F1A5A8E4-C5D0-4959-83B6-2EC740AB7036}] => (Allow) C:\Program Files (x86)\Tobias Erichsen\rtpMIDI\rtpMIDISvc.exe
FirewallRules: [{6535FF6A-FFD5-4A35-8B1E-3C19757367AD}] => (Allow) C:\Program Files (x86)\Tobias Erichsen\rtpMIDI\rtpMIDISvc.exe
FirewallRules: [{00BE4926-AFD4-413F-9018-7EC849920986}] => (Allow) C:\Program Files (x86)\Tobias Erichsen\rtpMIDI\rtpMIDISvc.exe
FirewallRules: [UDP Query User{D8AB94D2-13A4-4C5D-B5D4-8E28C5176F38}C:\warthunder\aces.exe] => (Allow) C:\warthunder\aces.exe
FirewallRules: [TCP Query User{31A61A77-385D-4125-B688-CF9249791997}C:\warthunder\aces.exe] => (Allow) C:\warthunder\aces.exe
FirewallRules: [{834228A0-5A17-4DE3-B5FE-08651DB2435C}] => (Allow) C:\WarThunder\bpreport.exe
FirewallRules: [{FCBFB20F-0829-4B11-93A3-7C8DF675C294}] => (Allow) C:\WarThunder\bpreport.exe
FirewallRules: [{8B95B445-E90C-414B-B0FC-3962C21A69CA}] => (Allow) C:\WarThunder\launcher.exe
FirewallRules: [{DAC2E7EF-057C-42BF-9BD7-32625BAF3089}] => (Allow) C:\WarThunder\launcher.exe
FirewallRules: [{BA3346E4-E593-4964-A71F-9770069E7624}] => (Allow) C:\Program Files (x86)\Tobias Erichsen\rtpMIDI\rtpMIDISvc.exe
FirewallRules: [{45C9FCA6-7FC1-4AF0-99BC-2F07AE4D817E}] => (Allow) C:\Program Files (x86)\Samsung\SideSync4\SideSync.exe
FirewallRules: [{66D08B34-22B7-4557-8EA0-59E3A0E21F7C}] => (Allow) C:\Program Files (x86)\Samsung\SideSync4\SideSync.exe
FirewallRules: [{41685B8D-7C12-489A-A22F-9141DDAFFCD2}] => (Allow) C:\Program Files (x86)\Tobias Erichsen\rtpMIDI\rtpMIDISvc.exe
FirewallRules: [{1E1B898F-091D-4276-896A-97451B155D59}] => (Allow) C:\Program Files (x86)\Tobias Erichsen\rtpMIDI\rtpMIDISvc.exe
FirewallRules: [{398F8691-0D2C-4FA8-9ED1-7D2D79687856}] => (Allow) C:\Program Files (x86)\Tobias Erichsen\rtpMIDI\rtpMIDISvc.exe
FirewallRules: [UDP Query User{9A99E87F-3E61-4510-9B28-E916223F6313}C:\program files (x86)\ncwest\nclauncher\ncupdatehelper.exe] => (Allow) C:\program files (x86)\ncwest\nclauncher\ncupdatehelper.exe
FirewallRules: [TCP Query User{45003514-DE50-449E-8BAE-CFCFAD2C8036}C:\program files (x86)\ncwest\nclauncher\ncupdatehelper.exe] => (Allow) C:\program files (x86)\ncwest\nclauncher\ncupdatehelper.exe
FirewallRules: [{AC9B9F67-2BF4-47EB-B241-DC4CF95A605C}] => (Allow) C:\Program Files (x86)\Tobias Erichsen\rtpMIDI\rtpMIDISvc.exe
FirewallRules: [{787A730F-1F26-4E56-ACE3-E5D1CEA2C142}] => (Allow) C:\Program Files (x86)\Tobias Erichsen\rtpMIDI\rtpMIDISvc.exe
FirewallRules: [{7282D011-7149-4684-87A4-60FFA5B37B16}] => (Allow) C:\Program Files (x86)\Tobias Erichsen\rtpMIDI\rtpMIDISvc.exe
FirewallRules: [{EAA5B652-BF3C-440F-A99D-29066D112D88}] => (Allow) C:\Program Files (x86)\Tobias Erichsen\rtpMIDI\rtpMIDISvc.exe
FirewallRules: [{E02B71BA-2253-4797-B0B9-0E689FF24942}] => (Allow) C:\Program Files (x86)\Tobias Erichsen\rtpMIDI\rtpMIDISvc.exe
FirewallRules: [{1075BD7E-AA08-4EBF-B9F7-90FF8EC8B74F}] => (Allow) C:\Program Files (x86)\Tobias Erichsen\rtpMIDI\rtpMIDISvc.exe
FirewallRules: [{02D64A99-F539-4D1D-B62B-AB54A6005428}] => (Allow) C:\Program Files (x86)\Tobias Erichsen\rtpMIDI\rtpMIDISvc.exe
FirewallRules: [{6F409275-DA26-43C9-9920-FF8D1B4448AE}] => (Allow) C:\Program Files (x86)\Tobias Erichsen\rtpMIDI\rtpMIDISvc.exe
FirewallRules: [{C4AB9E52-EE4C-48B5-8812-88474DA7A366}] => (Allow) C:\Program Files (x86)\Tobias Erichsen\rtpMIDI\rtpMIDISvc.exe
FirewallRules: [{8D704189-0C81-4058-BB94-582D5BDE4240}] => (Allow) C:\Program Files (x86)\Tobias Erichsen\rtpMIDI\rtpMIDISvc.exe
FirewallRules: [{9131168E-DB13-4B3B-A5D7-5516A050AA31}] => (Allow) C:\Program Files (x86)\Tobias Erichsen\rtpMIDI\rtpMIDISvc.exe
FirewallRules: [{AB605C13-A431-4B46-AF33-8FBA06AAFDF1}] => (Allow) C:\Program Files (x86)\Tobias Erichsen\rtpMIDI\rtpMIDISvc.exe
FirewallRules: [{F9E71B5B-2BBC-4420-9453-0D35014B6676}] => (Allow) C:\Program Files (x86)\Tobias Erichsen\rtpMIDI\rtpMIDISvc.exe
FirewallRules: [{0FB48ABC-8F5A-4994-9F93-AF2F77FD71B1}] => (Allow) C:\Program Files (x86)\Tobias Erichsen\rtpMIDI\rtpMIDISvc.exe
FirewallRules: [{1181B347-E8BC-4E57-AE87-775E3BBBDECB}] => (Allow) C:\Program Files (x86)\Tobias Erichsen\rtpMIDI\rtpMIDISvc.exe
FirewallRules: [{22C83C3A-310F-401C-A7F1-B4655554AE94}] => (Allow) C:\Program Files (x86)\Tobias Erichsen\rtpMIDI\rtpMIDISvc.exe
FirewallRules: [{65EAE086-B5D7-4667-A409-3D889CF56CE6}] => (Allow) C:\Program Files (x86)\Tobias Erichsen\rtpMIDI\rtpMIDISvc.exe
FirewallRules: [{7563C664-CF06-42E0-B5ED-170ABA6AE10B}] => (Allow) C:\Program Files (x86)\Tobias Erichsen\rtpMIDI\rtpMIDISvc.exe
FirewallRules: [{87B0ADCC-7ACC-4B34-A1D1-D16EC2AF245C}] => (Allow) C:\Program Files (x86)\Tobias Erichsen\rtpMIDI\rtpMIDISvc.exe
FirewallRules: [{7E865056-3654-4D4B-8642-CCF7DBC14F6F}] => (Allow) C:\Program Files (x86)\Tobias Erichsen\rtpMIDI\rtpMIDISvc.exe
FirewallRules: [{DD11BE49-73A2-4E2C-A03C-9C3BFF36A3AA}] => (Allow) C:\Program Files (x86)\Tobias Erichsen\rtpMIDI\rtpMIDISvc.exe
FirewallRules: [{1D18BC6E-9E0B-46FB-87E0-CC4670C8371E}] => (Allow) C:\Program Files (x86)\Tobias Erichsen\rtpMIDI\rtpMIDISvc.exe
FirewallRules: [{7BC9DF13-EA68-4EF8-8BC3-7B7D029465A4}] => (Allow) C:\Program Files (x86)\Tobias Erichsen\rtpMIDI\rtpMIDISvc.exe
FirewallRules: [{51271453-E337-4149-9993-A7ADB36A2EBF}] => (Allow) C:\Program Files (x86)\Tobias Erichsen\rtpMIDI\rtpMIDISvc.exe
FirewallRules: [{2A7A5DAF-FC51-4EA8-85A3-D9E8607B59FD}] => (Allow) C:\Program Files (x86)\Tobias Erichsen\rtpMIDI\rtpMIDISvc.exe
FirewallRules: [{A98994B8-25FD-4DA2-BA2C-8766FC33CCCD}] => (Allow) C:\Program Files (x86)\Tobias Erichsen\rtpMIDI\rtpMIDISvc.exe
FirewallRules: [{96B8016D-F09A-44D7-B5F2-E8A1C894DEBF}] => (Allow) C:\Program Files (x86)\Tobias Erichsen\rtpMIDI\rtpMIDISvc.exe
FirewallRules: [{18D93015-9280-44F8-8516-720C54AA0A15}] => (Allow) C:\Program Files (x86)\Tobias Erichsen\rtpMIDI\rtpMIDISvc.exe
FirewallRules: [{CEE046DB-B020-47A2-AF68-F4F6DD41AF06}] => (Allow) C:\Program Files (x86)\Tobias Erichsen\rtpMIDI\rtpMIDISvc.exe
FirewallRules: [{94397FC3-CB41-4437-A925-443344761548}] => (Allow) C:\Program Files (x86)\Tobias Erichsen\rtpMIDI\rtpMIDISvc.exe
FirewallRules: [{3037AC00-C6D0-4909-9AE6-111F9C0EB473}] => (Allow) C:\Program Files (x86)\Tobias Erichsen\rtpMIDI\rtpMIDISvc.exe
FirewallRules: [{46F4AED8-4B68-41DC-97BD-55CEF73F6656}] => (Allow) C:\Program Files (x86)\Tobias Erichsen\rtpMIDI\rtpMIDISvc.exe
FirewallRules: [{FED536FA-BFDF-4DA2-9FA4-4F67FA24A5BC}] => (Allow) C:\Program Files (x86)\Tobias Erichsen\rtpMIDI\rtpMIDISvc.exe
FirewallRules: [{97653AC7-7DFC-4F44-BF22-6DC8449C4A87}] => (Allow) C:\Program Files (x86)\Tobias Erichsen\rtpMIDI\rtpMIDISvc.exe
FirewallRules: [{D156E159-BEBE-4B37-9BF3-452097A460FE}] => (Allow) C:\Program Files (x86)\Tobias Erichsen\rtpMIDI\rtpMIDISvc.exe
FirewallRules: [{5614C6FB-8E2D-4550-A773-C03179E0FB54}] => (Allow) C:\Program Files (x86)\Tobias Erichsen\rtpMIDI\rtpMIDISvc.exe
FirewallRules: [{E18E27CF-C93A-4ACC-9273-C44EBFA0258A}] => (Allow) C:\Program Files (x86)\Tobias Erichsen\rtpMIDI\rtpMIDISvc.exe
FirewallRules: [{3D2EA20F-5662-4B1C-B947-BD958EBDFC39}] => (Allow) C:\Program Files (x86)\Tobias Erichsen\rtpMIDI\rtpMIDISvc.exe
FirewallRules: [{D39053D2-4342-4C41-92D9-981C2E494ED0}] => (Allow) C:\Program Files (x86)\Tobias Erichsen\rtpMIDI\rtpMIDISvc.exe
FirewallRules: [{79A43806-E855-4571-B24D-7E6A72A9D391}] => (Allow) C:\Program Files (x86)\Tobias Erichsen\rtpMIDI\rtpMIDISvc.exe
FirewallRules: [{679C19E6-EDA1-458E-9B01-96791F116349}] => (Allow) C:\Program Files (x86)\Tobias Erichsen\rtpMIDI\rtpMIDISvc.exe
FirewallRules: [{B67BEBF7-F718-49AD-AC0A-56F96BAE4DFF}] => (Allow) C:\Program Files (x86)\Tobias Erichsen\rtpMIDI\rtpMIDISvc.exe
FirewallRules: [{D345399B-0D92-43C3-8EB4-ABE391E71E81}] => (Allow) C:\Program Files (x86)\Tobias Erichsen\rtpMIDI\rtpMIDISvc.exe
FirewallRules: [{E386F2FD-B5D8-4FD2-8E29-FAF443BC83C4}] => (Allow) C:\Program Files (x86)\Tobias Erichsen\rtpMIDI\rtpMIDISvc.exe
FirewallRules: [{589278B1-B7C2-47CC-9156-503796E21E2B}] => (Allow) C:\Program Files (x86)\Tobias Erichsen\rtpMIDI\rtpMIDISvc.exe
FirewallRules: [{011F6F01-4D9C-4560-9784-7A71ED443FFB}] => (Allow) C:\Program Files (x86)\Tobias Erichsen\rtpMIDI\rtpMIDISvc.exe
FirewallRules: [{6AA3F68D-C97E-4E81-AB8F-34B793D7B344}] => (Allow) C:\Program Files (x86)\Tobias Erichsen\rtpMIDI\rtpMIDISvc.exe
FirewallRules: [{DF01C969-3AEB-4231-BAEB-08189441B647}] => (Allow) C:\Program Files (x86)\Tobias Erichsen\rtpMIDI\rtpMIDISvc.exe
FirewallRules: [{3089FFE5-6C91-4AC0-A63B-F96E97FE3B13}] => (Allow) C:\Program Files (x86)\Tobias Erichsen\rtpMIDI\rtpMIDISvc.exe
FirewallRules: [{781577ED-C947-4F0B-A991-1E31CC80EC24}] => (Allow) C:\Program Files (x86)\Tobias Erichsen\rtpMIDI\rtpMIDISvc.exe
FirewallRules: [{31E152D4-FD96-487F-BA0F-5F695D3319A7}] => (Allow) C:\Program Files (x86)\Tobias Erichsen\rtpMIDI\rtpMIDISvc.exe
FirewallRules: [{22A2E4DC-3448-4DD3-9640-6B056152CBB3}] => (Allow) C:\Program Files (x86)\Tobias Erichsen\rtpMIDI\rtpMIDISvc.exe
FirewallRules: [{3943CCB0-E5DB-4C77-AAEC-6BE072EABD2D}] => (Allow) C:\Program Files (x86)\Tobias Erichsen\rtpMIDI\rtpMIDISvc.exe
FirewallRules: [{331F1766-C78F-4D1D-859C-AC98FB6F80FD}] => (Allow) C:\Program Files (x86)\Tobias Erichsen\rtpMIDI\rtpMIDISvc.exe
FirewallRules: [{D796D11E-CAC7-44A8-AFC1-CF90D53F8307}] => (Allow) C:\Program Files (x86)\Tobias Erichsen\rtpMIDI\rtpMIDISvc.exe
FirewallRules: [{0AF294D6-240E-4ABD-9C0E-FD24164F21B9}] => (Allow) C:\Program Files (x86)\Tobias Erichsen\rtpMIDI\rtpMIDISvc.exe
FirewallRules: [{B7EA0B61-D4DD-49CD-B93F-21AB14387AFC}] => (Allow) C:\Program Files (x86)\Tobias Erichsen\rtpMIDI\rtpMIDISvc.exe
FirewallRules: [{25543147-8B73-4B9D-ACA2-566D19BE888E}] => (Allow) C:\Program Files (x86)\Tobias Erichsen\rtpMIDI\rtpMIDISvc.exe
FirewallRules: [{200F4F04-A771-41D9-8375-7F9A1BBF37A6}] => (Allow) C:\Program Files (x86)\Tobias Erichsen\rtpMIDI\rtpMIDISvc.exe
FirewallRules: [{995CA1A2-17D4-48C5-89CD-AB312CE79150}] => (Allow) C:\Program Files (x86)\Tobias Erichsen\rtpMIDI\rtpMIDISvc.exe
FirewallRules: [{B01C2611-F689-4619-8428-960A4A7C61AD}] => (Allow) C:\Program Files (x86)\Tobias Erichsen\rtpMIDI\rtpMIDISvc.exe
FirewallRules: [{A7AA8432-1B84-4276-B6CF-C03BD0D95F2D}] => (Allow) C:\Program Files (x86)\Tobias Erichsen\rtpMIDI\rtpMIDISvc.exe
FirewallRules: [{ADA74F9C-0825-44AA-BB82-90AF0B57253F}] => (Allow) C:\Program Files (x86)\Tobias Erichsen\rtpMIDI\rtpMIDISvc.exe
FirewallRules: [{65D2858A-1A44-4ABB-A93B-B2150A6633C5}] => (Allow) C:\Program Files (x86)\Tobias Erichsen\rtpMIDI\rtpMIDISvc.exe
FirewallRules: [{C929C200-01EF-4566-A845-63EE7F20DD82}] => (Allow) C:\Program Files (x86)\Tobias Erichsen\rtpMIDI\rtpMIDISvc.exe
FirewallRules: [{86B01893-FE3B-4653-AF37-1809E11440D3}] => (Allow) C:\Program Files (x86)\Tobias Erichsen\rtpMIDI\rtpMIDISvc.exe
FirewallRules: [{E09B80FF-A61F-4A24-A936-40C6C461A5A0}] => (Allow) C:\Program Files (x86)\Tobias Erichsen\rtpMIDI\rtpMIDISvc.exe
FirewallRules: [{56EBBA18-41A7-4AAD-8A2A-CEC6E926B466}] => (Allow) C:\Program Files (x86)\Tobias Erichsen\rtpMIDI\rtpMIDISvc.exe
FirewallRules: [{33E258AC-97F7-480D-A9ED-718BE3C08692}] => (Allow) C:\Program Files (x86)\Tobias Erichsen\rtpMIDI\rtpMIDISvc.exe
FirewallRules: [{5AB02B9E-F79E-45CF-B201-420FDEC614C8}] => (Allow) C:\Program Files (x86)\Tobias Erichsen\rtpMIDI\rtpMIDISvc.exe
FirewallRules: [{500F3196-5C30-4799-BE18-C6A26723406B}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{C609A2B4-F317-4D9C-B2DB-7D0560F57783}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{D1A99323-53AA-42CC-A433-4FA4914E8C78}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Source\hl2.exe
FirewallRules: [{296FB5C3-D40E-4AE5-8D5C-462417B6DFC0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Source\hl2.exe
FirewallRules: [{C03E001D-5E74-45E2-9D1C-54ADDEFD4B1C}] => (Allow) C:\Program Files (x86)\Tobias Erichsen\rtpMIDI\rtpMIDISvc.exe
FirewallRules: [{F60ECCCA-3580-43DE-B89A-F1BBC0C50E43}] => (Allow) C:\Program Files (x86)\Tobias Erichsen\rtpMIDI\rtpMIDISvc.exe
FirewallRules: [{AB71EFA6-0092-4453-BD1F-4AED0CDB4C85}] => (Allow) C:\Program Files (x86)\Tobias Erichsen\rtpMIDI\rtpMIDISvc.exe
FirewallRules: [{259DEBED-6354-4790-86B1-3AE644AF1F4D}] => (Allow) C:\Program Files (x86)\Tobias Erichsen\rtpMIDI\rtpMIDISvc.exe
FirewallRules: [{BDF472BE-971D-4D51-87AE-A419F530B7F6}] => (Allow) C:\Program Files (x86)\Tobias Erichsen\rtpMIDI\rtpMIDISvc.exe
FirewallRules: [{7B491221-62A3-4A34-93B8-E881E2D0D9B4}] => (Allow) C:\Program Files (x86)\Tobias Erichsen\rtpMIDI\rtpMIDISvc.exe
FirewallRules: [{13989759-4949-468B-B623-BD920BDB1501}] => (Allow) C:\Program Files (x86)\Tobias Erichsen\rtpMIDI\rtpMIDISvc.exe
FirewallRules: [{7DE4CCCD-18D8-4638-8CFC-781DDA3AF7E3}] => (Allow) C:\Program Files (x86)\Tobias Erichsen\rtpMIDI\rtpMIDISvc.exe
FirewallRules: [{E7D38C97-F392-47D7-B68F-FEE2E9D83714}] => (Allow) C:\Users\arvis\AppData\Local\Temp\7zS7E70\hppiw.exe
FirewallRules: [{D3A15635-F9B3-40F4-9F8B-D1E63EBA5B5F}] => (Allow) C:\Users\arvis\AppData\Local\Temp\7zS7E70\hppiw.exe
FirewallRules: [{4270EEEE-AF73-4CD1-9277-A5E93B867200}] => (Allow) C:\Program Files (x86)\Tobias Erichsen\rtpMIDI\rtpMIDISvc.exe
FirewallRules: [{C6D20C3F-EA26-4745-8AC3-D8FE3CF1EEE5}] => (Allow) C:\Program Files (x86)\Tobias Erichsen\rtpMIDI\rtpMIDISvc.exe
FirewallRules: [{A1E536AE-3217-4925-A749-851829ECE85C}] => (Allow) C:\Program Files (x86)\Tobias Erichsen\rtpMIDI\rtpMIDISvc.exe
FirewallRules: [{F295D338-181E-452E-B0CB-232816A5045C}] => (Allow) C:\Program Files (x86)\Tobias Erichsen\rtpMIDI\rtpMIDISvc.exe
FirewallRules: [{397A3CBD-6CB9-49F6-97DA-7AA67DD36B65}] => (Allow) C:\Program Files (x86)\Tobias Erichsen\rtpMIDI\rtpMIDISvc.exe
FirewallRules: [{6B89BD71-80C9-452B-88C4-F67F3D7D8D3C}] => (Allow) C:\Program Files (x86)\Tobias Erichsen\rtpMIDI\rtpMIDISvc.exe
FirewallRules: [{95A68B86-E22B-4610-9A48-CB6FFC29557C}] => (Allow) C:\Program Files (x86)\Tobias Erichsen\rtpMIDI\rtpMIDISvc.exe
FirewallRules: [{D12CE23B-8E72-4810-9DE6-E0B25E9B4C98}] => (Allow) C:\Program Files (x86)\Tobias Erichsen\rtpMIDI\rtpMIDISvc.exe
FirewallRules: [{E8C2FCBA-1AB9-4480-99DD-A6ED93B5A12B}] => (Allow) C:\Program Files (x86)\Tobias Erichsen\rtpMIDI\rtpMIDISvc.exe
FirewallRules: [{FF7F7A0D-C8B6-41D8-8B9F-88C0FA82759D}] => (Allow) C:\Program Files (x86)\Tobias Erichsen\rtpMIDI\rtpMIDISvc.exe
FirewallRules: [{2534B387-968C-41C0-BD7A-E6D3433A9E59}] => (Allow) C:\Program Files (x86)\Tobias Erichsen\rtpMIDI\rtpMIDISvc.exe
FirewallRules: [{2994D0EE-5A24-4887-93C6-C15609F26FD8}] => (Allow) C:\Program Files (x86)\Tobias Erichsen\rtpMIDI\rtpMIDISvc.exe
FirewallRules: [{E7F8AA95-A6B3-4AE2-9279-7A3461139927}] => (Allow) C:\Program Files (x86)\Tobias Erichsen\rtpMIDI\rtpMIDISvc.exe
FirewallRules: [{FE245FC4-1956-4A64-B2AA-702F9BB2CA7F}] => (Allow) C:\Program Files (x86)\Tobias Erichsen\rtpMIDI\rtpMIDISvc.exe
FirewallRules: [{3C23889A-5213-43E4-802B-A958C430C647}] => (Allow) C:\Program Files (x86)\Tobias Erichsen\rtpMIDI\rtpMIDISvc.exe
FirewallRules: [{B277DD94-0C97-4C74-8858-C3463320B96D}] => (Allow) C:\Program Files (x86)\Tobias Erichsen\rtpMIDI\rtpMIDISvc.exe
FirewallRules: [{F7D867B0-1C50-43E8-B6C6-4CD3364EE894}] => (Allow) C:\Program Files (x86)\Tobias Erichsen\rtpMIDI\rtpMIDISvc.exe
FirewallRules: [{DCA089BD-EFA7-418C-A08B-FCC004F1978C}] => (Allow) C:\Program Files (x86)\Tobias Erichsen\rtpMIDI\rtpMIDISvc.exe
FirewallRules: [{8C2C4C97-7597-404E-9907-8EEBED8F99F7}] => (Allow) C:\Program Files (x86)\Tobias Erichsen\rtpMIDI\rtpMIDISvc.exe
FirewallRules: [{9437D5E2-AA6C-4E18-8BA0-9C1AAABA35F5}] => (Allow) C:\Program Files (x86)\Tobias Erichsen\rtpMIDI\rtpMIDISvc.exe
FirewallRules: [{5E9C6F4E-A92E-4C48-B7B5-BA66FC234889}] => (Allow) C:\Program Files (x86)\Tobias Erichsen\rtpMIDI\rtpMIDISvc.exe
FirewallRules: [UDP Query User{006CE542-A172-4375-95BA-BE1175B5FEAC}C:\program files (x86)\idisplay\idisplay.exe] => (Allow) C:\program files (x86)\idisplay\idisplay.exe
FirewallRules: [TCP Query User{E18CBFA3-1108-4423-95FA-A7425E0A26E3}C:\program files (x86)\idisplay\idisplay.exe] => (Allow) C:\program files (x86)\idisplay\idisplay.exe
FirewallRules: [UDP Query User{8C5464F2-A908-4D24-B421-E9CF98FA9451}C:\program files (x86)\novation\automap\automapserver.exe] => (Allow) C:\program files (x86)\novation\automap\automapserver.exe
FirewallRules: [TCP Query User{CAFCDD62-7C6C-4DB8-B1F2-0AB4FD36370B}C:\program files (x86)\novation\automap\automapserver.exe] => (Allow) C:\program files (x86)\novation\automap\automapserver.exe
FirewallRules: [{B1658B1F-42B7-472C-8EBE-A07DF7931A72}] => (Allow) C:\Program Files (x86)\Tobias Erichsen\rtpMIDI\rtpMIDISvc.exe
FirewallRules: [UDP Query User{26CDF4C9-066B-45E2-A242-34EBE1FC268E}C:\programdata\electronic arts\need for speed world\data\nfsw.exe] => (Allow) C:\programdata\electronic arts\need for speed world\data\nfsw.exe
FirewallRules: [TCP Query User{D02EF67F-3A60-434F-81D3-59B9B9669DEF}C:\programdata\electronic arts\need for speed world\data\nfsw.exe] => (Allow) C:\programdata\electronic arts\need for speed world\data\nfsw.exe
FirewallRules: [{CE33AF1E-FB85-4E89-BD06-E378ADFC7A67}] => (Allow) C:\Program Files (x86)\theHunter\launcher\launcher.exe
FirewallRules: [{13FDC5C3-AAEB-49F3-8BF7-12639DB31C0E}] => (Allow) C:\Program Files (x86)\theHunter\launcher\launcher.exe
FirewallRules: [{49DF9E34-5778-4D0A-831B-34F2466262D4}] => (Allow) C:\Program Files (x86)\Tobias Erichsen\rtpMIDI\rtpMIDISvc.exe
FirewallRules: [{D2385FFF-776C-4D83-8AEF-EFBEC1F48AE9}] => (Allow) C:\Program Files (x86)\Tobias Erichsen\rtpMIDI\rtpMIDISvc.exe
FirewallRules: [{46C7BF0F-5703-49C0-B6FD-D44BCF964AB6}] => (Allow) C:\Program Files (x86)\Tobias Erichsen\rtpMIDI\rtpMIDISvc.exe
FirewallRules: [{D054E25B-9714-4258-A381-F7C7E2D5377D}] => (Allow) C:\Program Files (x86)\Tobias Erichsen\rtpMIDI\rtpMIDISvc.exe
FirewallRules: [{811D43CE-2185-4D63-9229-03CAD3C8D954}] => (Allow) C:\Program Files (x86)\Tobias Erichsen\rtpMIDI\rtpMIDISvc.exe
FirewallRules: [{40AF4E68-51B7-4AC1-978F-9DD00F1E73A2}] => (Allow) C:\Program Files (x86)\Tobias Erichsen\rtpMIDI\rtpMIDISvc.exe
FirewallRules: [{5852CA06-1EE1-487E-8206-C41A0B320A8C}] => (Allow) C:\Program Files (x86)\Tobias Erichsen\rtpMIDI\rtpMIDISvc.exe
FirewallRules: [{9A8818E8-D856-4F0E-A886-3278921BD482}] => (Allow) C:\Program Files (x86)\Tobias Erichsen\rtpMIDI\rtpMIDISvc.exe
FirewallRules: [{9507E145-0406-4A01-BC01-BAD552B9E812}] => (Allow) C:\Program Files (x86)\Tobias Erichsen\rtpMIDI\rtpMIDISvc.exe
FirewallRules: [{EAF33EFE-B560-4C1A-A733-D1FFA8DDA2C0}] => (Allow) C:\Program Files (x86)\Tobias Erichsen\rtpMIDI\rtpMIDISvc.exe
FirewallRules: [UDP Query User{C5CB7E41-387F-4020-BA14-978AE8EE0E2C}C:\users\arvis\appdata\local\temp\cprogram files (x86)opera\operaupgrader.exe] => (Block) C:\users\arvis\appdata\local\temp\cprogram files (x86)opera\operaupgrader.exe
FirewallRules: [TCP Query User{14F019AE-01FD-40B3-A519-81D60B978F28}C:\users\arvis\appdata\local\temp\cprogram files (x86)opera\operaupgrader.exe] => (Block) C:\users\arvis\appdata\local\temp\cprogram files (x86)opera\operaupgrader.exe
FirewallRules: [{6E236D35-248D-4FEB-A8A1-7A1FFC105304}] => (Allow) C:\Program Files (x86)\TightVNC\vncviewer.exe
FirewallRules: [{F3EBF8BF-2701-42F3-93CE-E1E93EDFC97F}] => (Allow) C:\Program Files (x86)\TightVNC\vncviewer.exe
FirewallRules: [{E523AA92-C5CC-48B5-B98E-FA036C6AFD93}] => (Allow) C:\Program Files (x86)\TightVNC\tvnserver.exe
FirewallRules: [{A9AD5AA1-4BD1-47BF-83A4-E601E004B45A}] => (Allow) C:\Program Files (x86)\TightVNC\tvnserver.exe
FirewallRules: [UDP Query User{6E1EF026-27A9-479D-8136-3A479442131B}C:\windows\syswow64\javaw.exe] => (Allow) C:\windows\syswow64\javaw.exe
FirewallRules: [TCP Query User{0DA01F43-8D3F-454B-BEA5-FAE43832E3C0}C:\windows\syswow64\javaw.exe] => (Allow) C:\windows\syswow64\javaw.exe
FirewallRules: [{CA780735-90CC-4089-B129-559D690FBFF8}] => (Allow) C:\Program Files (x86)\Wyse\PocketCloud Windows Companion\PocketCloudInstallWizard.exe
FirewallRules: [{B3CC7713-0FEF-43DD-96DE-3015C7E34492}] => (Allow) C:\Program Files (x86)\Wyse\PocketCloud Windows Companion\PocketCloudService.exe
FirewallRules: [{6783D785-3BCF-4121-9CCC-D6D50A366432}] => (Allow) C:\Program Files (x86)\Wyse\PocketCloud Windows Companion\WyseBrowser.exe
FirewallRules: [{9F93444A-4AFA-4497-A6C4-4D2B6E8C5FE3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\arvynet\counter-strike source\hl2.exe
FirewallRules: [{CF95E65C-6761-4897-9F1B-937D3EFA0D56}] => (Allow) C:\Program Files (x86)\Steam\steamapps\arvynet\counter-strike source\hl2.exe
FirewallRules: [{41B6C9ED-BC18-42FD-A1DC-A73489FBF3AF}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [{6DFFE7E1-8172-4715-A51E-432B32766C80}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{103D1EF2-65AB-4B2E-B50E-CA3FDFA58608}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [UDP Query User{A31F5900-2E6E-4958-9089-27B453F25ADC}C:\program files (x86)\java\jre6\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre6\bin\javaw.exe
FirewallRules: [TCP Query User{CD420B16-C56F-464B-8FAB-9053CF9E9431}C:\program files (x86)\java\jre6\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre6\bin\javaw.exe
FirewallRules: [UDP Query User{1611B744-99CD-4767-A36C-0592F761587C}C:\program files (x86)\atari\tdu2\testdrive2.exe] => (Allow) C:\program files (x86)\atari\tdu2\testdrive2.exe
FirewallRules: [TCP Query User{E96CF9BF-483E-4811-93E8-A0109F857BA6}C:\program files (x86)\atari\tdu2\testdrive2.exe] => (Allow) C:\program files (x86)\atari\tdu2\testdrive2.exe
FirewallRules: [UDP Query User{8E46F971-A7AA-4761-9A6C-284162DE576C}C:\program files (x86)\atari\tdu2\uplauncher.exe] => (Block) C:\program files (x86)\atari\tdu2\uplauncher.exe
FirewallRules: [TCP Query User{F4BA5987-A7DA-44EF-9C9D-CC172040ED3F}C:\program files (x86)\atari\tdu2\uplauncher.exe] => (Block) C:\program files (x86)\atari\tdu2\uplauncher.exe
FirewallRules: [UDP Query User{62AD6872-92E3-4752-A582-C7EE99154235}C:\program files (x86)\atari\tdu2\_uplauncher.exe] => (Block) C:\program files (x86)\atari\tdu2\_uplauncher.exe
FirewallRules: [TCP Query User{2D9BFFC1-706D-49D9-AA96-E30438B99F87}C:\program files (x86)\atari\tdu2\_uplauncher.exe] => (Block) C:\program files (x86)\atari\tdu2\_uplauncher.exe
FirewallRules: [UDP Query User{7D339835-F53F-4C0E-924E-BE097CAB13EE}C:\program files (x86)\atari\tdu2\uplauncher.exe] => (Block) C:\program files (x86)\atari\tdu2\uplauncher.exe
FirewallRules: [TCP Query User{4CCE0CFA-395D-4769-BB7C-880A83493E42}C:\program files (x86)\atari\tdu2\uplauncher.exe] => (Block) C:\program files (x86)\atari\tdu2\uplauncher.exe
FirewallRules: [{64F8C3EF-16BE-4E20-AF46-1572A905C7CA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\arvynet\day of defeat source\hl2.exe
FirewallRules: [{5A2BC8AF-C75E-4285-944A-2C2994A48BB2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\arvynet\day of defeat source\hl2.exe
FirewallRules: [UDP Query User{92BB238E-240B-4EEC-A4BD-60E183F825C1}C:\program files (x86)\opera 11.00 beta\opera.exe] => (Allow) C:\program files (x86)\opera 11.00 beta\opera.exe
FirewallRules: [TCP Query User{F73473C1-9EF5-4D21-977A-54AF8BE6A255}C:\program files (x86)\opera 11.00 beta\opera.exe] => (Allow) C:\program files (x86)\opera 11.00 beta\opera.exe
FirewallRules: [{DF8B0E28-BEDB-4DCA-B471-408A391C385A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\arvynet\counterstrike source beta\hl2.exe
FirewallRules: [{BF0AD57A-A707-4DEC-80E9-08CB4BB4A630}] => (Allow) C:\Program Files (x86)\Steam\steamapps\arvynet\counterstrike source beta\hl2.exe
FirewallRules: [UDP Query User{A28ADF3D-A121-40AD-9F37-AC07F4C7EA0A}C:\program files (x86)\steam\steamapps\arvynet\half-life 2 deathmatch\hl2.exe] => (Allow) C:\program files (x86)\steam\steamapps\arvynet\half-life 2 deathmatch\hl2.exe
FirewallRules: [TCP Query User{05FC0073-C7A3-40C9-B39C-BFB1A712A0A8}C:\program files (x86)\steam\steamapps\arvynet\half-life 2 deathmatch\hl2.exe] => (Allow) C:\program files (x86)\steam\steamapps\arvynet\half-life 2 deathmatch\hl2.exe
FirewallRules: [{F6A94989-883D-4223-86B1-134230E6F216}] => (Allow) C:\Program Files (x86)\Opera 11.00 beta\opera.exe
FirewallRules: [{E2C67BE6-1334-4DED-A23F-1CE3E8B910B6}] => (Allow) C:\Program Files (x86)\Opera 11.00 beta\opera.exe
FirewallRules: [{BB411BBA-6C75-4015-84A6-A08AFAEE4F35}] => (Allow) C:\Program Files (x86)\Steam\steamapps\arvynet\counter-strike source\hl2.exe
FirewallRules: [{686C62AF-1219-447A-BA76-0983785FD92C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\arvynet\counter-strike source\hl2.exe
FirewallRules: [{B73E34E3-26F2-4A77-989F-66A256448FD8}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{D6698CB4-8182-49E0-ADB9-0E8308460BB3}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [UDP Query User{FF30C5B9-3A25-4DD3-AABC-FB867AAFFDC9}C:\program files (x86)\opera\opera.exe] => (Allow) C:\program files (x86)\opera\opera.exe
FirewallRules: [TCP Query User{164F7D48-F7B8-4F16-883B-80B9809AC0DE}C:\program files (x86)\opera\opera.exe] => (Allow) C:\program files (x86)\opera\opera.exe
FirewallRules: [{5315E1F4-49E0-4C69-9DF1-6A07F796F061}] => (Allow) C:\Program Files (x86)\Opera\opera.exe
FirewallRules: [{456B66C7-BEA1-4F29-807D-EF36777C382E}] => (Allow) C:\Program Files (x86)\Opera\opera.exe
FirewallRules: [{B17163A0-A358-4583-A087-0210F8561411}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{BAC0D09E-1568-40E8-A4EA-5FDF9493A544}] => (Allow) C:\Program Files (x86)\Windows Live\Sync\WindowsLiveSync.exe
FirewallRules: [{E5E83CF8-A06C-41EF-BC0E-B7DAB1E78DD5}] => (Allow) svchost.exe
FirewallRules: [{02640FC2-5837-4534-8959-6F72C3344907}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{B6281B9C-6669-46E2-A14D-44B213EB274F}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\wlcsdk.exe
FirewallRules: [{C23432DA-60D9-478A-B5AD-3473BF1EEC6C}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD8\PowerDVD8.EXE
FirewallRules: [{12C7B784-23F8-4181-B74C-73C535E21983}] => (Allow) C:\Program Files (x86)\Tobias Erichsen\rtpMIDI\rtpMIDISvc.exe
FirewallRules: [{80E2DC4A-9962-4661-9484-7C9F6D16851C}] => (Allow) C:\Program Files (x86)\Tobias Erichsen\rtpMIDI\rtpMIDISvc.exe
FirewallRules: [{B4B8FF25-EDA2-4537-9E27-AFCE73B4E3D2}] => (Allow) C:\Program Files (x86)\Tobias Erichsen\rtpMIDI\rtpMIDISvc.exe
FirewallRules: [{7E0168F6-B147-4A08-90FA-5161958372AF}] => (Allow) C:\Program Files (x86)\Tobias Erichsen\rtpMIDI\rtpMIDISvc.exe
FirewallRules: [{0213EF6F-23B4-41A0-9F73-CDFF5A910C43}] => (Allow) C:\Program Files (x86)\Tobias Erichsen\rtpMIDI\rtpMIDISvc.exe
FirewallRules: [{532CFDB4-2B75-4A72-AD20-32BE9C05A053}] => (Allow) C:\Program Files (x86)\Tobias Erichsen\rtpMIDI\rtpMIDISvc.exe
FirewallRules: [{08CEDC44-BC84-4AF2-942A-B057FE5B65C3}] => (Allow) C:\Program Files (x86)\Tobias Erichsen\rtpMIDI\rtpMIDISvc.exe
FirewallRules: [{97BB2C58-5E96-4589-A384-CA7BAD40B31D}] => (Allow) C:\Program Files (x86)\Tobias Erichsen\rtpMIDI\rtpMIDISvc.exe
FirewallRules: [{AF0759B1-7039-49FF-8629-8AE881DB8DB5}] => (Allow) C:\Program Files (x86)\Tobias Erichsen\rtpMIDI\rtpMIDISvc.exe
FirewallRules: [{E21FC019-ACD4-46AC-8F98-3F0AE07BBD28}] => (Allow) C:\Program Files (x86)\PC Remote Receiver\MonectMediaCenter.exe
FirewallRules: [{50378DF7-27A2-468E-9A5C-AA5D10F12B4F}] => (Allow) C:\Program Files (x86)\PC Remote Receiver\PCRemoteReceiver.exe
FirewallRules: [{4FDA25FC-1830-4902-B0DF-9792BC6B8EF3}] => (Allow) C:\Program Files (x86)\Tobias Erichsen\rtpMIDI\rtpMIDISvc.exe
FirewallRules: [{0B3706EF-C434-4CA7-8DFE-288DAE7C62C0}] => (Allow) C:\Program Files (x86)\Tobias Erichsen\rtpMIDI\rtpMIDISvc.exe
FirewallRules: [{1C1A5087-5D9A-4EB9-94FD-D87BBACE56A9}] => (Allow) C:\Program Files (x86)\Tobias Erichsen\rtpMIDI\rtpMIDISvc.exe
FirewallRules: [{2E2CDBEC-807F-4A62-B6EA-B3AED861C108}] => (Allow) C:\Program Files (x86)\Tobias Erichsen\rtpMIDI\rtpMIDISvc.exe
FirewallRules: [{DC6E6E33-CD7C-41A7-8CC9-CC4D224388A8}] => (Allow) C:\Program Files (x86)\Tobias Erichsen\rtpMIDI\rtpMIDISvc.exe
FirewallRules: [{2CB615B2-A99A-454D-9334-B7E7DD4C758A}] => (Allow) C:\Program Files (x86)\Tobias Erichsen\rtpMIDI\rtpMIDISvc.exe
FirewallRules: [{778F8FE3-D8F4-4BA1-AD71-09B5185C33D2}] => (Allow) C:\Program Files (x86)\Tobias Erichsen\rtpMIDI\rtpMIDISvc.exe
FirewallRules: [{ADAB5381-11BB-4A69-8F6C-2BA00EE1F9AF}] => (Allow) C:\Program Files (x86)\Tobias Erichsen\rtpMIDI\rtpMIDISvc.exe
FirewallRules: [{A84D9C40-BDCA-42F4-AD2B-453D1BF71E42}] => (Allow) C:\Program Files (x86)\Tobias Erichsen\rtpMIDI\rtpMIDISvc.exe
FirewallRules: [{C2F0D7C0-E6FD-4D92-9A82-61CBFD3E96F3}] => (Allow) C:\Program Files (x86)\Tobias Erichsen\rtpMIDI\rtpMIDISvc.exe
FirewallRules: [{C767D6A6-F7B3-413F-ACED-03B5C600D50C}] => (Allow) C:\Program Files (x86)\Tobias Erichsen\rtpMIDI\rtpMIDISvc.exe
FirewallRules: [{AC9DF73C-DAA1-4D5C-B40D-D58AE18EF284}] => (Allow) C:\Program Files (x86)\Tobias Erichsen\rtpMIDI\rtpMIDISvc.exe
FirewallRules: [{0A8C3F52-2C3F-4B12-9089-FD7429B7B72E}] => (Allow) C:\Program Files (x86)\Tobias Erichsen\rtpMIDI\rtpMIDISvc.exe
FirewallRules: [{B698D0B9-E089-4045-8CE5-0DB4845F25D9}] => (Allow) C:\Program Files (x86)\Tobias Erichsen\rtpMIDI\rtpMIDISvc.exe
FirewallRules: [{2A9B1092-3CB2-470E-8BE5-39539BE13FB8}] => (Allow) C:\Program Files (x86)\Tobias Erichsen\rtpMIDI\rtpMIDISvc.exe
FirewallRules: [{1CDE287A-6E3A-436C-9ADF-73B01A15AB87}] => (Allow) C:\Program Files (x86)\Tobias Erichsen\rtpMIDI\rtpMIDISvc.exe
FirewallRules: [{2B194717-F4C7-43C3-A06C-06B4DEF89D43}] => (Allow) C:\Program Files (x86)\Tobias Erichsen\rtpMIDI\rtpMIDISvc.exe
FirewallRules: [{DA221FA5-7245-4DA6-B8DE-C525FD01AAC9}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

10-11-2016 13:11:44 Removed BananaScreen
14-11-2016 11:10:26 Windows Update

==================== Faulty Device Manager Devices =============

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (11/21/2016 03:16:07 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: ARVIS-PC)
Description: Activation of app Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy!App failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (11/21/2016 03:05:49 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: ARVIS-PC)
Description: Activation of app Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy!App failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (11/21/2016 03:05:29 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: ARVIS-PC)
Description: Activation of app Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy!App failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (11/21/2016 02:46:44 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: ARVIS-PC)
Description: Activation of app Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy!App failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (11/21/2016 02:34:59 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: ARVIS-PC)
Description: Activation of app Microsoft.MicrosoftEdge_8wekyb3d8bbwe!MicrosoftEdge failed with error: -2147023170 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (11/21/2016 02:28:03 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program osk.exe version 10.0.14393.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 19e4

Start Time: 01d243cf5344fb60

Termination Time: 0

Application Path: C:\Windows\System32\osk.exe

Report Id: 56119f1c-afc4-11e6-8dd3-00262d70ce8e

Faulting package full name:

Faulting package-relative application ID:

Error: (11/21/2016 02:07:45 AM) (Source: VSTTAgent) (EventID: 0) (User: )
Description: Service cannot be started. Microsoft.VisualStudio.TestTools.Exceptions.EqtException: The test agent service on the machine 'ARVIS-PC' cannot start.
at Microsoft.VisualStudio.TestTools.Agent.AgentServiceBase.OnStart(String[] args)
at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (11/21/2016 02:07:45 AM) (Source: VSTTAgent) (EventID: 0) (User: )
Description: The test agent service on the machine 'ARVIS-PC' cannot start. ControllerMachineName setting not in Registry.

Error: (11/21/2016 02:07:45 AM) (Source: VSTTAgent) (EventID: 0) (User: )
Description: (QTAgentService.exe, PID 2348, Thread 4) AgentServiceBase: Exception occurred while starting AgentService. Microsoft.VisualStudio.TestTools.Exceptions.EqtException: ControllerMachineName setting not in Registry.
at Microsoft.VisualStudio.TestTools.Agent.AgentServiceWrapper.Initialize()
at Microsoft.VisualStudio.TestTools.Agent.AgentServiceWrapper.OnStart(String[] args)
at Microsoft.VisualStudio.TestTools.Agent.AgentServiceBase.OnStart(String[] args)

Error: (11/21/2016 02:07:44 AM) (Source: VSTTAgent) (EventID: 0) (User: )
Description: ControllerMachineName setting not in Registry.


System errors:
=============
Error: (11/21/2016 03:01:50 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 4003) (User: NT AUTHORITY)
Description: WLAN AutoConfig detected limit connectivity, performing Reset/Recover.adapter.

Code: 8 0x0 0x0

Error: (11/21/2016 03:01:25 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 4003) (User: NT AUTHORITY)
Description: WLAN AutoConfig detected limit connectivity, performing Reset/Recover.adapter.

Code: 2 0xdeaddeed 0xeeec

Error: (11/21/2016 03:01:25 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 4003) (User: NT AUTHORITY)
Description: WLAN AutoConfig detected limit connectivity, performing Reset/Recover.adapter.

Code: 1 0xc 0x4

Error: (11/21/2016 02:56:18 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 4003) (User: NT AUTHORITY)
Description: WLAN AutoConfig detected limit connectivity, performing Reset/Recover.adapter.

Code: 8 0x0 0x0

Error: (11/21/2016 02:55:52 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 4003) (User: NT AUTHORITY)
Description: WLAN AutoConfig detected limit connectivity, performing Reset/Recover.adapter.

Code: 2 0xdeaddeed 0xeeec

Error: (11/21/2016 02:55:52 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 4003) (User: NT AUTHORITY)
Description: WLAN AutoConfig detected limit connectivity, performing Reset/Recover.adapter.

Code: 1 0xc 0x4

Error: (11/21/2016 02:46:48 AM) (Source: DCOM) (EventID: 10010) (User: ARVIS-PC)
Description: The server Windows.Security.Authentication.Web.Core.BackgroundGetTokenTask.ClassId.WebAccountProvider did not register with DCOM within the required timeout.

Error: (11/21/2016 02:14:55 AM) (Source: DCOM) (EventID: 10010) (User: ARVIS-PC)
Description: The server Cortana.ActionUris.ActionUri did not register with DCOM within the required timeout.

Error: (11/21/2016 02:08:20 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
and APPID
{F72671A9-012C-4725-9D2F-2A4D32D65169}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (11/21/2016 02:07:27 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The NetTcpActivator service depends on the NetTcpPortSharing service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.


CodeIntegrity:
===================================
Date: 2016-11-21 02:40:03.936
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-11-21 02:40:03.881
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-11-17 05:35:09.615
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-11-16 06:57:15.783
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-11-15 13:21:41.211
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-11-09 15:20:44.105
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\aepic.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-11-09 15:20:37.338
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\aepic.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-11-08 13:13:42.637
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-11-07 10:44:47.496
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-11-07 10:44:47.494
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

Processor: Intel® Core™ i5 CPU M 430 @ 2.27GHz
Percentage of memory in use: 83%
Total physical RAM: 2868.5 MB
Available physical RAM: 486.85 MB
Total Virtual: 4896.5 MB
Available Virtual: 696.64 MB

==================== Drives ================================

Drive c: (Gateway) (Fixed) (Total:453.94 GB) (Free:9.14 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: 1D791D79)
Partition 1: (Not Active) - (Size=11.7 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=453.9 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

Edited by Oh My!, 22 November 2016 - 07:57 PM.


#4 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,742 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:12:07 AM

Posted 22 November 2016 - 07:56 PM

Greetings arvynet and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Reply topic button instead.
  • In the upper right hand corner of the topic you will see the Follow topic button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. Please allow me just a bit of time to review what you have posted.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#5 Oh My!

Posted 22 November 2016 - 08:42 PM

Greetings and thank you again for your patience.

Please do this.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + r on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it as fixlist.txt in the same location/folder as FRST.exe (<<<Important)
CreateRestorePoint:
CloseProcesses:
SearchScopes: HKU\S-1-5-21-4037827805-714374717-3792867422-1001 -> {479B705B-B071-4909-8518-68942DEB13D8} URL = hxxp://flvtubesearch.co/?tmp=toolbar_FlvTube_results&prt=flvtubetb01ie&Keywords={searchTerms}&clid=4e29a09ea24e4e16aed3f2e630249d20
BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File
U3 idsvc; no ImagePath
U3 WMPNetworkSvc; no ImagePath
2016-11-10 13:43 - 2016-11-10 13:43 - 00063092 _____ C:\Users\arvis\ia_remove.sh6500.tmp
2016-11-07 11:16 - 2016-11-07 11:16 - 00624509 _____ (CyberGhost S.R.L. ) C:\Users\arvis\Downloads\Unconfirmed 51409.crdownload
CustomCLSID: HKU\S-1-5-21-4037827805-714374717-3792867422-1001_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\arvis\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-4037827805-714374717-3792867422-1001_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\arvis\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-4037827805-714374717-3792867422-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\arvis\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-4037827805-714374717-3792867422-1001_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\arvis\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-4037827805-714374717-3792867422-1001_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\arvis\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-4037827805-714374717-3792867422-1001_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\arvis\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-4037827805-714374717-3792867422-1001_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\arvis\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-4037827805-714374717-3792867422-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\arvis\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-4037827805-714374717-3792867422-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\arvis\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-4037827805-714374717-3792867422-1001_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\arvis\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-4037827805-714374717-3792867422-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\arvis\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-4037827805-714374717-3792867422-1001_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\arvis\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-4037827805-714374717-3792867422-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\arvis\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll => No File
HKU\S-1-5-21-4037827805-714374717-3792867422-1001\Software\Classes\.exe: exefile => <===== ATTENTION
testsigning: ==> 'testsigning' is set. Check for possible unsigned driver <===== ATTENTION
Folder: C:\Program Files (x86)\Switlle
Folder: C:\ProgramData\r5mhodpfwo464lyw
DeleteJunctionsIndirectory: C:\WINDOWS\system64
zip: C:\WINDOWS\Minidump
  • Right click on FRST.exe, select Run as administrator then press the Fix button
  • When completed the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
  • The tool will create a zipped folder in the same location from where FRST was run with today's date, example: 06.11.2016_13.24.50.zip. Please attach the file to your reply.
===================================================

BlueScreenView

----------
  • Download BlueScreenView and save it to your desktop
  • Double click the BlueScreenView.exe file then click OK
  • Select Run, Next, then Next again
  • Click Install
  • When the scanning is complete, select Edit and Select All
  • Then click File and Save Selected Items
  • Save the report as BSOD.txt
  • Open BSOD.txt in Notepad, copy the entire content and paste it into your next reply
===================================================

System Summary Information

--------------------
  • Press the Windows key + r on your keyboard at the same time
  • Type msinfo32 and press Enter
  • Left click on System Summary
  • Click File, Save, and name the file Summary
  • Zip and attach the file to your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Fixlog
  • Attached Zip folder
  • BSOD.txt
  • System Summary file

Edited by Oh My!, 22 November 2016 - 08:52 PM.


#6 arvynet

Posted 23 November 2016 - 07:05 AM

hello gary, my name is arvy.
fyi i have another active thread in the BSOD forum
http://www.bleepingcomputer.com/forums/t/632319/trouble-with-win-10-laptop-bosds/?p=4124486
i have run farbar for them, would you like that log as well?
 
BOSD.txt :
==================================================
Dump File         : 110916-37328-01.dmp
Crash Time        : 11/9/2016 2:42:49 PM
Bug Check String  : CRITICAL_PROCESS_DIED
Bug Check Code    : 0x000000ef
Parameter 1       : ffffca03`161c9780
Parameter 2       : 00000000`00000000
Parameter 3       : 00000000`00000000
Parameter 4       : 00000000`00000000
Caused By Driver  : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+14a2c0
File Description  : 
Product Name      : 
Company           : 
File Version      : 
Processor         : x64
Crash Address     : ntoskrnl.exe+14a2c0
Stack Address 1   : 
Stack Address 2   : 
Stack Address 3   : 
Computer Name     : 
Full Path         : C:\WINDOWS\Minidump\110916-37328-01.dmp
Processors Count  : 4
Major Version     : 15
Minor Version     : 14393
Dump File Size    : 291,804
Dump File Time    : 11/9/2016 2:59:18 PM
==================================================
 
==================================================
Dump File         : 110916-64406-01.dmp
Crash Time        : 11/9/2016 2:33:41 PM
Bug Check String  : CRITICAL_PROCESS_DIED
Bug Check Code    : 0x000000ef
Parameter 1       : ffffa18c`b4c7a080
Parameter 2       : 00000000`00000000
Parameter 3       : 00000000`00000000
Parameter 4       : 00000000`00000000
Caused By Driver  : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+14a2c0
File Description  : 
Product Name      : 
Company           : 
File Version      : 
Processor         : x64
Crash Address     : ntoskrnl.exe+14a2c0
Stack Address 1   : 
Stack Address 2   : 
Stack Address 3   : 
Computer Name     : 
Full Path         : C:\WINDOWS\Minidump\110916-64406-01.dmp
Processors Count  : 4
Major Version     : 15
Minor Version     : 14393
Dump File Size    : 281,172
Dump File Time    : 11/9/2016 2:36:02 PM
==================================================
 
==================================================
Dump File         : 110716-62937-01.dmp
Crash Time        : 11/7/2016 4:18:02 PM
Bug Check String  : CRITICAL_PROCESS_DIED
Bug Check Code    : 0x000000ef
Parameter 1       : ffff9901`9bdbe780
Parameter 2       : 00000000`00000000
Parameter 3       : 00000000`00000000
Parameter 4       : 00000000`00000000
Caused By Driver  : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+14a2c0
File Description  : 
Product Name      : 
Company           : 
File Version      : 
Processor         : x64
Crash Address     : ntoskrnl.exe+14a2c0
Stack Address 1   : 
Stack Address 2   : 
Stack Address 3   : 
Computer Name     : 
Full Path         : C:\WINDOWS\Minidump\110716-62937-01.dmp
Processors Count  : 4
Major Version     : 15
Minor Version     : 14393
Dump File Size    : 277,876
Dump File Time    : 11/7/2016 4:20:27 PM
==================================================

Restore point was successfully created.
Processes closed successfully.
"HKU\S-1-5-21-4037827805-714374717-3792867422-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{479B705B-B071-4909-8518-68942DEB13D8}" => key removed successfully
HKCR\CLSID\{479B705B-B071-4909-8518-68942DEB13D8} => key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}" => key removed successfully
HKCR\Wow6432Node\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB} => key not found.
idsvc => service removed successfully
WMPNetworkSvc => service removed successfully
C:\Users\arvis\ia_remove.sh6500.tmp => moved successfully
C:\Users\arvis\Downloads\Unconfirmed 51409.crdownload => moved successfully
"HKU\S-1-5-21-4037827805-714374717-3792867422-1001_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}" => key removed successfully
"HKU\S-1-5-21-4037827805-714374717-3792867422-1001_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}" => key removed successfully
"HKU\S-1-5-21-4037827805-714374717-3792867422-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}" => key removed successfully
"HKU\S-1-5-21-4037827805-714374717-3792867422-1001_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}" => key removed successfully
"HKU\S-1-5-21-4037827805-714374717-3792867422-1001_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}" => key removed successfully
"HKU\S-1-5-21-4037827805-714374717-3792867422-1001_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}" => key removed successfully
"HKU\S-1-5-21-4037827805-714374717-3792867422-1001_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}" => key removed successfully
"HKU\S-1-5-21-4037827805-714374717-3792867422-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}" => key removed successfully
"HKU\S-1-5-21-4037827805-714374717-3792867422-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}" => key removed successfully
"HKU\S-1-5-21-4037827805-714374717-3792867422-1001_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}" => key removed successfully
"HKU\S-1-5-21-4037827805-714374717-3792867422-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}" => key removed successfully
"HKU\S-1-5-21-4037827805-714374717-3792867422-1001_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}" => key removed successfully
"HKU\S-1-5-21-4037827805-714374717-3792867422-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}" => key removed successfully
"HKU\S-1-5-21-4037827805-714374717-3792867422-1001\Software\Classes\.exe" => key removed successfully

========================= bcdedit ========================


The operation completed successfully.

========= End of bcdedit =========


========================= Folder: C:\Program Files (x86)\Switlle ========================


====== End of Folder: ======


========================= Folder: C:\ProgramData\r5mhodpfwo464lyw ========================

C:\ProgramData\r5mhodpfwo464lyw => File

====== End of Folder: ======

"C:\WINDOWS\system64" => Deleting reparse point and unlocking started:
"C:\WINDOWS\system64" =>Deleting reparse point and unlocking completed.
"C:\WINDOWS\system64" =>Deleting reparse point and unlocking completed.
================== Zip: ===================
C:\WINDOWS\Minidump -> copied successfully to C:\Users\arvis\Desktop\23.11.2016_05.32.49.zip
=========== Zip: End ===========


The system needed a reboot.

==== End of Fixlog 05:33:04 ====

Edited by Oh My!, 23 November 2016 - 10:24 AM.


#7 Oh My!

Posted 23 November 2016 - 10:54 AM

Greetings Arvy,

Please post in the BSOD topic that you are currently being helped in the Malware Forum and you want to put the BSOD topic on hold until your computer is deemed clean. There should not be 2 topics dealing with the same computer at the same time.

Your logs are not showing any recent Blue Screens. Is that correct?

You are asking a lot of your computer with a minimal amount of RAM. This may be the source of your problems but I want to make sure your system is clean and otherwise in good order. This could explain why Safe Mode works fine. It is far less demanding of resources.
 

Processor: Intel® Core i5 CPU M 430 @ 2.27GHz
Percentage of memory in use: 83%
Total physical RAM: 2868.5 MB
Available physical RAM: 486.85 MB
Total Virtual: 4896.5 MB
Available Virtual: 696.64 MB


Please do this.

===================================================

Running sfc /scannow in Elevated Command

--------------------
  • Click Start, type cmd, then press the Shift, Ctrl, + Enter keys at the same time
  • If you are prompted for an administrator password or for a confirmation, type the password, or click Allow
  • Windows 8/10: Press the Windows key + X at the same time, then click Command Prompt (Admin)
  • Type the following at the Command Prompt and press Enter

sfc /scannow

  • If Windows did not find any integrity violations please let me know
  • If errors were found copy and paste the following after the command prompt then press Enter

copy %windir%\Logs\CBS\CBS.log "%userprofile%\Desktop\sfcdetails.txt"

  • A sfcdetails.txt document will be placed on your Desktop
  • Please zip and upload the file here
===================================================

CheckDiskGUI

--------------------
  • Download CheckDiskGUI and save it to your desktop
  • Double click the icon and select Run
  • Under the DirtyBit column please let me know if there is any indication of a Dirty Bit
  • Place a check mark in the C: drive box
  • Click Read Only
  • Once completed click File, then Save
  • Save the file to your desktop as CheckDiskGUI (should be default name)
  • Copy and paste the contents of the report in your reply
===================================================

RogueKiller

--------------------
  • Download RogueKiller and save it to your desktop
  • Close all running programs
  • Right click on the setup.exe icon and select Run as Administrator
  • For Windows XP simply double click on the icon
  • Click OK on English
  • Select Install 32 and 64 bits versions (Recommended for Technicians), then click Next 2 times
  • Click Install
  • Click Finish
  • Click Start Scan twice
  • When completed click Open Report
  • Click Export Text and save the file on your Desktop as RK.txt
  • Close all open RogueKiller windows
  • Copy and paste the contents of the report in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • sfc report
  • CheckDisk report
  • RogueKiller report
  • Update on computer behavior

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#8 Oh My!


Posted 27 November 2016 - 11:07 PM

Greetings,

===================================================

Do You Still Need Help?

It has been 3 days since my last post.
  • Do you still need help with this?
  • If you have not replied within 48 hours I will assume you have abandoned the Topic and it will be closed.

Gary
 

#9 arvynet

arvynet
  • Topic Starter

  • Members
  • 34 posts
  • OFFLINE
  •  
  • Local time:01:07 AM

Posted 28 November 2016 - 10:49 AM

hey Gary, i've been away from home for the thanksgiving weekend.

i ran into some issues trying to complete your last suggestions and my computer has gotten worse.

it has gotten to the point where i was only able to boot the computer up after the fifth time in normal mode. all other tries ended up in bsods.

i tried running one of the scans in safe mode and without completing the scan my pc shut down.

the remainder of the reply i have been working on since your last post and as you will be able to tell things have changed.

i wasn't having any bsod before but now they have come back to haunt me.

 

november 24 2016:

i have already put that topic on hold. 
i have not had any blue screens for about a week, but that might have to do with some of the steps i had taken prior to finding this forum. the other thing is i have not really been using the computer to do any serious work or gaming. sometimes the bsod would pop up when i would turn on a game.
as for the memory issue it seems that the cause is windows 10 using a lot more memory than windows 7 was using.
I have used windows ten since the free upgrade, and haven't had this kind of issue in the first year or so of use. it just started recently.
besides i mean something is using the memory up, i mean the computer has 4gb of ram of which 2.75 is usable (that's what it says in the about pc)
when i had win 7 i never had cpu memory or ram usage higher than like 20-30 percent, now none of the usage graphs fall below 50%
but that's beside the point now, let's try to see if my pc has any infections and we will get into the operating system with the bsod guys.
 
sfc/scannow : Windows resource protection did not find any integrity violations
 
dirtybit column is empty, the scan comes up with a message that says "some errors were found you should fix this partition" i will attach a screenshot. i've tried multiple times and i come up to the same error every time.
 
 
that's as far as i got at that point, i started having bsod and computer shutting down mid scan.
i haven't been able to complete rogue killer scan, i will attempt again today.
i will post what i've done thus far so you won't shut down my thread.
also attached are screen shots of the errors i was receiving while running the scans.

Attached Files


Edited by arvynet, 28 November 2016 - 10:54 AM.


#10 Oh My!


Posted 28 November 2016 - 11:55 AM

Thank you, please attempt to do this. If you run into major problems with one step simply attempt the next one.

===================================================

Startup Repair - Windows 10/8

----------
  • Press the Windows Key + R at the same time
  • Copy and paste the following in the Run box

shutdown /r /o /f /t 00

  • Press OK
  • When the system reboots select Troubleshoot
  • Select Advanced Options
  • Select Startup Repair
  • When completed check your startup process
===================================================

CheckDiskGUI Fix and Recover

--------------------
  • Launch CheckDiskGUI
  • Place a check mark in the C: drive box
  • Click Fix and Recover
  • Check Yes to schedule the volume to be checked on the next system restart and allow the computer to reboot. The process may take a long time to complete
  • Once completed your computer will automatically restart
  • A message should briefly appear during boot up indicating whether or not the disk is clean
  • Report the results in your reply
===================================================

BlueScreenView

----------
  • Download BlueScreenView and save it to your desktop
  • Double click the BlueScreenView.exe file then click OK
  • Select Run, Next, then Next again
  • Click Install
  • When the scanning is complete, select Edit and Select All
  • Then click File and Save Selected Items
  • Save the report as BSOD.txt
  • Open BSOD.txt in Notepad, copy the entire content and paste it into your next reply
===================================================

GSmartControl for Windows

-------------------
  • Download GSmartControl for Windows and save it to your desktop
  • Unzip the folder to your desktop
  • Double click gsmartcontrol.exe
  • Allow the program to search for and list your hard drive(s)
  • Double click your drive
  • Go to the PERFORM TESTS tab
  • Make sure that the TEST TYPE is set to SHORT SELF-TEST
  • Click the EXECUTE button
  • After the test completes, click the VIEW OUTPUT button and copy and paste the contents in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Startup Repair results
  • CheckDiskGUI results
  • BSOD.txt
  • GSmart results

Gary
 

#11 arvynet


Posted 30 November 2016 - 08:28 AM

overall the computer performance has increased a little bit. 
today it started without any bsods.
rogue killer scan never finished correctly. it takes really long and i leave the computer unattended and when i come back the computer is at the login screen.
 
startup repair 
came back as failed 
 
check disk gui 
the scan and fix finished and said 100% complete but i did not see any other message
i tried running it in read only again and got the same message of fix this partition
 
bsod.txt
(for some reason it is only showing the old bsods. none of the recent ones are displayed.)
 
==================================================
Dump File         : 110916-37328-01.dmp
Crash Time        : 11/9/2016 2:42:49 PM
Bug Check String  : CRITICAL_PROCESS_DIED
Bug Check Code    : 0x000000ef
Parameter 1       : ffffca03`161c9780
Parameter 2       : 00000000`00000000
Parameter 3       : 00000000`00000000
Parameter 4       : 00000000`00000000
Caused By Driver  : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+14a2c0
File Description  : 
Product Name      : 
Company           : 
File Version      : 
Processor         : x64
Crash Address     : ntoskrnl.exe+14a2c0
Stack Address 1   : 
Stack Address 2   : 
Stack Address 3   : 
Computer Name     : 
Full Path         : C:\WINDOWS\Minidump\110916-37328-01.dmp
Processors Count  : 4
Major Version     : 15
Minor Version     : 14393
Dump File Size    : 291,804
Dump File Time    : 11/9/2016 2:59:18 PM
==================================================
 
==================================================
Dump File         : 110916-64406-01.dmp
Crash Time        : 11/9/2016 2:33:41 PM
Bug Check String  : CRITICAL_PROCESS_DIED
Bug Check Code    : 0x000000ef
Parameter 1       : ffffa18c`b4c7a080
Parameter 2       : 00000000`00000000
Parameter 3       : 00000000`00000000
Parameter 4       : 00000000`00000000
Caused By Driver  : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+14a2c0
File Description  : 
Product Name      : 
Company           : 
File Version      : 
Processor         : x64
Crash Address     : ntoskrnl.exe+14a2c0
Stack Address 1   : 
Stack Address 2   : 
Stack Address 3   : 
Computer Name     : 
Full Path         : C:\WINDOWS\Minidump\110916-64406-01.dmp
Processors Count  : 4
Major Version     : 15
Minor Version     : 14393
Dump File Size    : 281,172
Dump File Time    : 11/9/2016 2:36:02 PM
==================================================
 
==================================================
Dump File         : 110716-62937-01.dmp
Crash Time        : 11/7/2016 4:18:02 PM
Bug Check String  : CRITICAL_PROCESS_DIED
Bug Check Code    : 0x000000ef
Parameter 1       : ffff9901`9bdbe780
Parameter 2       : 00000000`00000000
Parameter 3       : 00000000`00000000
Parameter 4       : 00000000`00000000
Caused By Driver  : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+14a2c0
File Description  : 
Product Name      : 
Company           : 
File Version      : 
Processor         : x64
Crash Address     : ntoskrnl.exe+14a2c0
Stack Address 1   : 
Stack Address 2   : 
Stack Address 3   : 
Computer Name     : 
Full Path         : C:\WINDOWS\Minidump\110716-62937-01.dmp
Processors Count  : 4
Major Version     : 15
Minor Version     : 14393
Dump File Size    : 277,876
Dump File Time    : 11/7/2016 4:20:27 PM
==================================================
 
 
gsmart results:
 
smartctl 5.43 2012-06-30 r3573 [i686-w64-mingw32-win8(64)] (sf-5.43-1)
Copyright © 2002-12 by Bruce Allen, http://smartmontools.sourceforge.net
 
=== START OF INFORMATION SECTION ===
Model Family:     Western Digital Scorpio Blue Serial ATA
Device Model:     WDC WD5000BEVT-22ZAT0
Serial Number:    WD-WXH0AA9M4051
LU WWN Device Id: 5 0014ee 2ae6d3409
Firmware Version: 01.01A01
User Capacity:    500,107,862,016 bytes [500 GB]
Sector Size:      512 bytes logical/physical
Device is:        In smartctl database [for details use: -P show]
ATA Version is:   8
ATA Standard is:  Exact ATA specification draft version not indicated
Local Time is:    Wed Nov 30 07:20:57 2016 CST
SMART support is: Available - device has SMART capability.
SMART support is: Enabled
 
=== START OF READ SMART DATA SECTION ===
SMART overall-health self-assessment test result: PASSED
 
General SMART Values:
Offline data collection status:  (0x00) Offline data collection activity
was never started.
Auto Offline Data Collection: Disabled.
Self-test execution status:      ( 113) The previous self-test completed having
the read element of the test failed.
Total time to complete Offline 
data collection: (14400) seconds.
Offline data collection
capabilities: (0x7b) SMART execute Offline immediate.
Auto Offline data collection on/off support.
Suspend Offline collection upon new
command.
Offline surface scan supported.
Self-test supported.
Conveyance Self-test supported.
Selective Self-test supported.
SMART capabilities:            (0x0003) Saves SMART data before entering
power-saving mode.
Supports SMART auto save timer.
Error logging capability:        (0x01) Error logging supported.
General Purpose Logging supported.
Short self-test routine 
recommended polling time: (   2) minutes.
Extended self-test routine
recommended polling time: ( 167) minutes.
Conveyance self-test routine
recommended polling time: (   5) minutes.
SCT capabilities:       (0x303f) SCT Status supported.
SCT Error Recovery Control supported.
SCT Feature Control supported.
SCT Data Table supported.
 
SMART Attributes Data Structure revision number: 16
Vendor Specific SMART Attributes with Thresholds:
ID# ATTRIBUTE_NAME          FLAG     VALUE WORST THRESH TYPE      UPDATED  WHEN_FAILED RAW_VALUE
  1 Raw_Read_Error_Rate     0x002f   200   199   047    Pre-fail  Always       -       1556
  3 Spin_Up_Time            0x0027   185   176   039    Pre-fail  Always       -       1750
  4 Start_Stop_Count        0x0032   094   094   050    Old_age   Always       -       6964
  5 Reallocated_Sector_Ct   0x0033   200   200   051    Pre-fail  Always       -       0
  7 Seek_Error_Rate         0x002e   200   200   046    Old_age   Always       -       0
  9 Power_On_Hours          0x0032   083   083   050    Old_age   Always       -       13088
 10 Spin_Retry_Count        0x0033   100   100   051    Pre-fail  Always       -       0
 11 Calibration_Retry_Count 0x0032   100   100   050    Old_age   Always       -       0
 12 Power_Cycle_Count       0x0032   096   096   050    Old_age   Always       -       4272
192 Power-Off_Retract_Count 0x0032   200   200   050    Old_age   Always       -       239
193 Load_Cycle_Count        0x0032   108   108   050    Old_age   Always       -       278330
194 Temperature_Celsius     0x0022   092   080   034    Old_age   Always       -       55
196 Reallocated_Event_Count 0x0032   200   200   050    Old_age   Always       -       0
197 Current_Pending_Sector  0x0032   200   200   050    Old_age   Always       -       1
198 Offline_Uncorrectable   0x0030   100   253   048    Old_age   Offline      -       0
199 UDMA_CRC_Error_Count    0x0032   200   200   050    Old_age   Always       -       0
200 Multi_Zone_Error_Rate   0x0009   100   253   009    Pre-fail  Offline      -       0
 
SMART Error Log Version: 1
No Errors Logged
 
SMART Self-test log structure revision number 1
Num  Test_Description    Status                  Remaining  LifeTime(hours)  LBA_of_first_error
# 1  Short offline       Completed: read failure       10%     13087         61705826
 
SMART Selective self-test log data structure revision number 1
 SPAN  MIN_LBA  MAX_LBA  CURRENT_TEST_STATUS
    1        0        0  Not_testing
    2        0        0  Not_testing
    3        0        0  Not_testing
    4        0        0  Not_testing
    5        0        0  Not_testing
Selective self-test flags (0x0):
  After scanning selected spans, do NOT read-scan remainder of disk.
If Selective self-test is pending on power-up, resume after 0 minute delay.

Edited by arvynet, 30 November 2016 - 08:36 AM.


#12 Oh My!


Posted 30 November 2016 - 09:07 PM

Greetings,

Let's run these.

===================================================

Running chkdsk with Report

--------------------
  • Click Start, type cmd, right click on cmd above and select Run as Administrator
  • Note: For Windows 8/10 press the Windows key + X on your keyboard at the same time
  • Select Command Prompt (Admin)
  • Copy and paste the following in the Run box and click OK

cmd /c chkdsk c: |find /v "percent" >> "%userprofile%\desktop\chkdskreport.txt"

  • A black command window will open on your desktop and remain empty for a few minutes
  • When completed a chkdskreport.txt will appear on your desktop
  • Copy and paste the contents of the report in your reply
===================================================

Running sfc /scannow in Elevated Command

--------------------
  • Click Start, type cmd, then press the Shift, Ctrl, + Enter keys at the same time
  • If you are prompted for an administrator password or for a confirmation, type the password, or click Allow
  • Windows 8/10: Press the Windows key + X at the same time, then click Command Prompt (Admin)
  • Type the following at the Command Prompt and press Enter

sfc /scannow

  • If Windows did not find any integrity violations please let me know
  • If errors were found copy and paste the following after the command prompt then press Enter

copy %windir%\Logs\CBS\CBS.log "%userprofile%\Desktop\sfcdetails.txt"

  • A sfcdetails.txt document will be placed on your Desktop
  • Please zip and upload the file here
===================================================

Disabling and Enabling Automatic Restart on System Failure - Windows 10/8

-------------------
  • Click Start, type cmd, right click on cmd and select Run as Administrator
  • Type or copy and paste wmic recoveros set AutoReboot = True after the command prompt and press Enter
  • You should receive a confirmation indicating Property's update successful
  • Type Exit, hit Enter then reboot your computer
  • When your system BSODs, write down the STOP error code, as well as any written out error message. The STOP error will always appear, but the message may not.


  • Please include this information in your reply.
  • Following a BSOD click Start, type cmd, right click on cmd and select Run as Administrator
  • Type or copy and after the command prompt and press Enter
  • You should receive a confirmation indicating Property's update successful
  • Type Exit, hit Enter then reboot your computer
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • chkdsk report
  • sfc report
  • Blue Screen information, if applicable

Edited by Oh My!, 30 November 2016 - 09:08 PM.

Gary
 

#13 arvynet


Posted 01 December 2016 - 11:59 AM

when shutting down my computer yesterday it started making noises, when booting it also made this same noise. below is a link to the noise on someone else's computer but it was the same.

check disk report: 

 

The type of the file system is NTFS.
Volume label is Gateway.
 
WARNING!  /F parameter not specified.
Running CHKDSK in read-only mode.
 
Stage 1: Examining basic file system structure ...
Progress: 145698 of 555520 done; Stage: 26%; Total:  9%; ETA:   0File verification completed.
Progress: 11303 of 11303 done; Stage: 100%; Total: 25%; ETA:   0:04:28 .  
                                                                                       
                                                                                       
  11303 large file records processed.                                   
 
Progress: 0 of 0 done; Stage: 99%; Total: 25%; ETA:   0:04:28 .. 
                                                                                       
                                                                                       
  0 bad file records processed.                                     
 
 
Stage 2: Examining file name linkage ...
The type of the file system is NTFS.
The volume is in use by another process. Chkdsk
might report errors when no corruption is present.
Volume label is Gateway.
 
WARNING!  /F parameter not specified.
Running CHKDSK in read-only mode.
 
 
sfc report:
 
windows resource protection did not find any integrity violations.
 
i updated the bsod so it won't shut down so i could get a reading of what happened. so far today no bsods.


#14 Oh My!


Posted 01 December 2016 - 06:49 PM

Thanks.

Regarding the noise, no link provided.

Please do this.

===================================================

Running Chkdsk /r From Command Prompt with Report

--------------------
  • Close any open programs
  • Click Start, type cmd, then press the Shift, Ctrl, + Enter keys at the same time
  • An Administrator Command Prompt window should open
  • Copy and paste the following after the Command Prompt and press Enter

CMD /C ECHO Y|CHKDSK /R C: /R | SHUTDOWN /R /T 10

  • Please allow the system to reboot on its own and run the program. This may take a bit of time
  • When completed your system will automatically reboot
  • Press the Windows key + R on your keyboard at the same time
  • Type powershell.exe and press Enter
  • Copy and paste the following after the Command Prompt and press Enter

get-winevent -FilterHashTable @{logname="Application"; id="1001"}| ?{$_.providername -match "wininit"} | fl timecreated, message | out-file Desktop\CHKDSKResults.txt

  • A document named CHKDSKResults.txt will be created on your Desktop
  • Copy and paste the contents of the document in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Link?
  • Checkdisk report

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."
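
An added example, not part of Gary's instructions or of any tool named in the thread: a more defensive way to collect the boot-time chkdsk report that the Get-WinEvent one-liner above asks for. It keeps that command's filter (Application log, event ID 1001, provider name containing "wininit"); the bad-sector pattern and the keyword list are assumptions about chkdsk's English output.

```powershell
# Added example. Run in a PowerShell window after the chkdsk /r reboot has finished.

# Resolve the Desktop folder explicitly. A relative "Desktop\..." path only works
# when the shell's current directory happens to be the user profile folder.
$desktop = [Environment]::GetFolderPath('Desktop')
$outFile = Join-Path -Path $desktop -ChildPath 'CHKDSKResults.txt'

# Get-WinEvent raises an error when no event matches the filter, so suppress
# that error and test for an empty result instead.
$events = @(
    Get-WinEvent -FilterHashtable @{ LogName = 'Application'; Id = 1001 } -ErrorAction SilentlyContinue |
        Where-Object { $_.ProviderName -match 'wininit' } |
        Sort-Object -Property TimeCreated -Descending
)

if ($events.Count -eq 0) {
    # Still leave a file behind so there is something to paste into a reply.
    'No Wininit event 1001 was found in the Application log; no boot-time chkdsk result has been logged.' |
        Out-File -FilePath $outFile -Encoding UTF8
    Write-Warning "No chkdsk result found. Note written to $outFile"
}
else {
    # One summary entry per chkdsk run: the bad-sector figure plus any line that
    # reports damage or repairs (keyword list is an assumption, extend as needed).
    $summary = foreach ($e in $events) {
        $lines = $e.Message -split "`r?`n"
        $bad = if ($e.Message -match '(\d+)\s+KB in bad sectors') { [int64]$Matches[1] } else { $null }
        $notable = $lines |
            Where-Object { $_ -match 'bad cluster|unreadable|corrupt|made corrections|found no problems' } |
            ForEach-Object { $_.Trim() }

        [pscustomobject]@{
            TimeCreated  = $e.TimeCreated
            BadSectorsKB = $bad
            NotableLines = $notable -join '; '
        }
    }

    # Summary first, then the full text of the most recent run.
    $summary | Format-List | Out-File -FilePath $outFile -Encoding UTF8 -Width 200
    $events | Select-Object -First 1 | Format-List TimeCreated, Message |
        Out-File -FilePath $outFile -Encoding UTF8 -Width 200 -Append

    Write-Host "Report written to $outFile"
}
```

A nonzero BadSectorsKB value, or a gap where no event was logged at all, is worth reporting alongside the file contents.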

#15 arvynet


Posted 02 December 2016 - 08:58 AM

the noise only happened yesterday and wednesday. at the end of yesterday there was no noise when starting or shutting down, and today no noise.

 

issue with check disk report

i ran the scan everything went well, once i opened powershell and input the code i got a red result on the command prompt but no document was created. i tried 3 more times and eventually made a screenshot and gave up.

should i run the scan again in order to try and get the results?





